# Generate automatically. Do not edit. commit dd0590d4e583f107e3e9fafe9ed754149da335d0 Author: Daiki Ueno <ueno@gnu.org> Date: 2022-01-17 Release 0.24.1 Signed-off-by: Daiki Ueno <ueno@gnu.org> NEWS | 7 +++++++ configure.ac | 2 +- meson.build | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) commit 4589625f3038d85cada8555fc457ad30ca2bfd06 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-05-30 common: Support copying attribute array recursively This enables p11_attrs_build to build an attribute list with arrays of attributes indicated with CKF_ARRAY_ATTRIBUTE. A couple of new internal functions have been added: p11_attr_copy and p11_attr_clear. Signed-off-by: Daiki Ueno <ueno@gnu.org> common/attrs.c | 80 +++++++++++++++++++++++++++++++++++++++++++++-------- common/attrs.h | 3 ++ common/test-attrs.c | 36 ++++++++++++++++++++++++ 3 files changed, 107 insertions(+), 12 deletions(-) commit b9da18d6994b3a718248f59f1f080d4f6fe97b8c Author: Daiki Ueno <ueno@gnu.org> Date: 2021-06-01 common: Add assert_ptr_cmp Signed-off-by: Daiki Ueno <ueno@gnu.org> common/test.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 9f01a8a45ba913a9b65894cef9369b6010005096 Author: Eli Schwartz <eschwartz@archlinux.org> Date: 2022-01-11 gtkdoc: remove dependencies on custom target files Sadly, the `dependencies` kwarg does not actually do what it seems to be trying to be used for, here. It is for listing dependency or library objects whose compiler flags should be added to gtkdoc-scangobj. It will not actually add ninja target dependencies. The similar kwarg in other meson functions (e.g. genmarshal and compile_schemas) that *do* allow adding target dependencies, is `depend_files`. Older versions of meson simply did nothing in an if/elif/elif block where these custom_targets never matched anything, and were thus silently ignored. Meson 0.61 type-validates the arguments and rejects CustomTarget as invalid: ``` doc/manual/meson.build:72:8: ERROR: gnome.gtkdoc keyword argument 'dependencies' was of type array[CustomTarget | PkgConfigDependency] but should have been array[Dependency | SharedLibrary | StaticLibrary] ``` Fixes #406 doc/manual/meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 04f85857b3029fd28c7c731aef89f61b22e846d3 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-11-26 doc: Replace occurrence of black list with blocklist This is a follow-up of 47fabc2366d917e255241c41a6cfc179af372644. Signed-off-by: Daiki Ueno <ueno@gnu.org> doc/manual/pkcs11.conf.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fd7c4e7e9496a7b4b2a26430e8969f27fb38457e Author: Daiki Ueno <ueno@gnu.org> Date: 2021-10-16 build: Suppress cppcheck false-positive on array bounds Cppcheck 2.6 reports the following errors, when loops on arrays depend on a sentinel: trust/builder.c:1103,error,arrayIndexOutOfBounds,Array 'schema->attrs[32]' accessed at index 9998, which is out of bounds. trust/builder.c:1136,error,arrayIndexOutOfBounds,Array 'schema->attrs[32]' accessed at index 9998, which is out of bounds. trust/builder.c:1301,error,arrayIndexOutOfBounds,Array 'ku_attribute_map[8]' accessed at index 9998, which is out of bounds. trust/builder.c:1385,error,arrayIndexOutOfBounds,Array 'eku_attribute_map[9]' accessed at index 9998, which is out of bounds. This adds an extra check to those loop conditions. While it is redundant, this should be harmless as it is not in the performance critical path. Signed-off-by: Daiki Ueno <ueno@gnu.org> trust/builder.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) commit 2d34226781e89c23cef13833a3db25b1d59d9b07 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-10-16 ci: Use Docker image from the same repository Signed-off-by: Daiki Ueno <ueno@gnu.org> .github/workflows/test.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit c643379626e6ea1d22ab406aafc0beed35b81ab3 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-10-16 ci: Integrate Docker image building to GitHub workflow Signed-off-by: Daiki Ueno <ueno@gnu.org> .github/workflows/build-image.yml | 39 +++++++++++++++++++++++++++++++++++++++ ci/Dockerfile | 9 +++++++++ 2 files changed, 48 insertions(+) commit 0bc75cae1057b03e3d790c741adf97ac9b4dbe92 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-09-18 rpc: Fallback to version 0 if server does not support negotiation Old servers without support for version negotiation cannot handle version bytes other than 0 and will close the connection if a version byte greater than 0 is received. This adds a fallback mechanism to reconnect and reauthenticate with version 0 in that situation for backward compatibility. Suggested by Owen Taylor. Signed-off-by: Daiki Ueno <ueno@gnu.org> p11-kit/rpc-client.c | 16 ++++++++++++++++ p11-kit/rpc-transport.c | 2 +- 2 files changed, 17 insertions(+), 1 deletion(-) commit fdf3f1f28b946ee737b55b4313f8a7f7a02143f3 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-08-24 build: Port e850e03be65ed573d0b69ee0408e776c08fad8a3 to meson Also expand the comment in configure.ac. Signed-off-by: Daiki Ueno <ueno@gnu.org> configure.ac | 7 ++++--- p11-kit/meson.build | 6 ++++++ 2 files changed, 10 insertions(+), 3 deletions(-) commit e850e03be65ed573d0b69ee0408e776c08fad8a3 Author: Emmanuel Dreyfus <manu@netbsd.org> Date: 2021-08-24 Link libp11-kit so that it cannot unload libp11-kit installs a pthread_atfork() callback to count forks. If the library gets unloaded, a stale pointer is called on the next fork(), leading to a crash. This fix adds -z nodelete linker flag so that libp11-kit cannot be unloaded. Unfortunately, that only fixes the problem for GNU ld. More additionnal flags will be required for other linkers. configure.ac | 13 +++++++++++++ p11-kit/Makefile.am | 1 + 2 files changed, 14 insertions(+) commit 509c1c949751c554e6244f2b42f1ce905e02f47d Author: Daiki Ueno <ueno@gnu.org> Date: 2021-07-22 trust: Use dngettext for plurals Suggested by Rafael Fontenelle in: https://github.com/p11-glue/p11-kit/issues/380 Signed-off-by: Daiki Ueno <ueno@gnu.org> trust/anchor.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 4769c479a3c41d68a293d007dd9e17a763001239 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-06-04 rpc: Support protocol version negotiation This works as follows: - a couple of build-time constants have been added to represent the minimal and maximum supported protocol versions - the client sends the maximum supported version upon connection establishment (when C_Initialize is called for first time from the client process) - the server checks the version sent from the client; if it is lower than the minimum supported version of the server, sends an error - otherwise, the server responds with either of smaller value between the version sent from the client and the maximum supported version of the server Signed-off-by: Daiki Ueno <ueno@gnu.org> configure.ac | 36 ++++++++++++++++++++++++++++++++++++ meson.build | 10 ++++++++++ meson_options.txt | 8 ++++++++ p11-kit/rpc-client.c | 6 +++++- p11-kit/rpc-server.c | 27 ++++++++++++++++++--------- p11-kit/rpc-transport.c | 18 ++++++++++++++---- p11-kit/rpc.h | 4 +++- p11-kit/test-rpc.c | 4 +++- 8 files changed, 97 insertions(+), 16 deletions(-) commit 2237f95b27e19f5f967c70ba8862a821e1e7de33 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-06-04 rpc: Separate authentication step from transaction Signed-off-by: Daiki Ueno <ueno@gnu.org> p11-kit/rpc-client.c | 4 ++++ p11-kit/rpc-transport.c | 61 ++++++++++++++++++++++++++++++------------------- p11-kit/rpc.h | 2 ++ p11-kit/test-rpc.c | 30 ++++++++++++++++-------- 4 files changed, 64 insertions(+), 33 deletions(-) commit 576bba3c34d6994e8b02051d94e6446bb0631ca1 Author: Issam E. Maghni <issam.e.maghni@mailbox.org> Date: 2021-06-16 Meson: p11_system_config_modules instead of p11_package_config_modules p11-kit/meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a36228a06ad87ea6fe429a8c4705d68b2780e0d9 Author: Issam E. Maghni <issam.e.maghni@mailbox.org> Date: 2021-06-15 shell: test -a|o is not POSIX configure.ac | 2 +- p11-kit/test-server.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit 79a0a3f235e44c174dd8efe5e2fe942812d18179 Author: Issam E. Maghni <issam.e.maghni@mailbox.org> Date: 2021-06-13 Meson: Add libtasn1 to trust programs trust/meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 40d3ab265bff4cca10f1e0b7ed60f037511ee477 Author: Đoàn Trần Công Danh <congdanhqx@gmail.com> Date: 2021-06-10 meson: optionalise glib's development files for gtk_doc In p11-kit, only installation prefix of glib is required to build gtk-doc. In some distro, those development files are splitted into separated package. Pulling those development files in will pull its development dependencies, too. Let's give our users an option to build gtk-doc without development files of glib. doc/manual/meson.build | 5 ++++- meson_options.txt | 4 ++++ 2 files changed, 8 insertions(+), 1 deletion(-) commit 34826623f58399b24c21f1788e2cdaea34521b7b Author: Daiki Ueno <ueno@gnu.org> Date: 2021-06-03 common: Only check strndup behavior when replacement is used Otherwise GCC 11 complains with -Wstringop-overread. Signed-off-by: Daiki Ueno <ueno@gnu.org> common/test-compat.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 9832f8b0ce334d269f2c6037ba5daf48057f3bcf Author: Daiki Ueno <ueno@gnu.org> Date: 2021-06-03 Release 0.24.0 Signed-off-by: Daiki Ueno <ueno@gnu.org> NEWS | 9 +++++++++ configure.ac | 2 +- meson.build | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) commit bd0970c8925bc7fb523d4c06088a4b4e031f31cf Author: Daiki Ueno <ueno@gnu.org> Date: 2020-12-11 Release 0.23.22 NEWS | 10 ++++++++++ configure.ac | 2 +- meson.build | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-) commit 0dd01822166eaa1addc7300fd0dba25ef66e9083 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-06-03 rpc: Tighten attribute array check with manual enumeration CKF_ARRAY_ATTRIBUTE is not sufficient to tell if the attribute is an array of attributes, because the flag is also set for CKA_ALLOWED_MECHANISMS, which is an array of CK_MECHANISM_TYPE (unsigned long). Moreover, our vendor prefix 0x58444700UL masks the bit. Signed-off-by: Daiki Ueno <ueno@gnu.org> common/attrs.h | 10 ++++++++++ p11-kit/rpc-client.c | 3 ++- p11-kit/rpc-server.c | 3 ++- 3 files changed, 14 insertions(+), 2 deletions(-) commit 96c7b934d1a41e85f8b0e6dfce527fd055773f65 Author: Claes Nästén <pekdon@gmail.com> Date: 2021-04-30 Check for SUN_LEN and provide fallback SUN_LEN is not available on Solaris 10, provide a fallback. common/compat.h | 10 ++++++++++ configure.ac | 2 +- meson.build | 1 + 3 files changed, 12 insertions(+), 1 deletion(-) commit 6e7401e9e56b746c25acacb537187acbf53303f5 Author: Claes Nästén <pekdon@gmail.com> Date: 2021-04-30 Do not define _XOPEN_SOURCE in compat.c on Solaris Defining _XOPEN_SOURCE 700 on Solaris makes the compile fail due to a feature check in sys/feature_tests.h, C99 compiler in combination with < XPG6 feature set is not supported. common/compat.c | 5 +++++ 1 file changed, 5 insertions(+) commit 3ec2e9ff9a56b4c0cc6aa52daeb55deca4b0a99e Author: Claes Nästén <pekdon@gmail.com> Date: 2021-04-30 make autogen.sh a bit more portable cp -v does not work on Solaris 10, nor does $() with /bin/sh so instead go for non verbose as -e will echo the commands performed anyway and use backticks. autogen.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit b3243a754763f6df19351593781b88e277a324bc Author: Daiki Ueno <ueno@gnu.org> Date: 2021-05-23 rpc-server: Disable parsing CKF_ARRAY_ATTRIBUTE This is a temporary measure to avoid oss-fuzz failure. When the attribute array is nested, the current internal API cannot determine the actual size of data that need to be stored, because ulValueLen is set to the attribute count times sizeof(CK_ATTRIBUTE). Signed-off-by: Daiki Ueno <ueno@gnu.org> p11-kit/rpc-client.c | 5 +++++ p11-kit/rpc-server.c | 5 +++++ 2 files changed, 10 insertions(+) commit 34b568727ff98ebb36f45a3d63c07f165c58219b Author: Daiki Ueno <ueno@gnu.org> Date: 2021-03-27 Update README.md README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 0ecce9f3b99f0f699ad46495f37eb541b17c691f Author: Daiki Ueno <ueno@gnu.org> Date: 2021-03-27 README.md: Suggest using only meson sub-commands instead of ninja README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit 3d9e39d0173b58e66554d9b61f08d09b7db5bf43 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-03-27 p11-kit: Add missing <limits.h> include for SIZE_MAX Spotted by Jeffrey Walton in: https://github.com/p11-glue/p11-kit/issues/361 p11-kit/lists.c | 1 + 1 file changed, 1 insertion(+) commit bff7e36649c97aaaac29b7b16021af75386bdaee Author: Tomas Tomecek <ttomecek@redhat.com> Date: 2021-03-10 packit: drop synced_files packit's default is specfile + packit.yaml, so this can be omitted: https://packit.dev/docs/configuration/#synced_files Signed-off-by: Tomas Tomecek <ttomecek@redhat.com> .packit.yaml | 3 --- 1 file changed, 3 deletions(-) commit 4711af41a2b166c0ba8cb7b508ce865727ec12d2 Author: Tomas Tomecek <ttomecek@redhat.com> Date: 2021-03-10 packit: fedora renamed master branch to rawhide Signed-off-by: Tomas Tomecek <ttomecek@redhat.com> .packit.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit be8fc2ae73ef2ed2338d0f745b6233629e4330c4 Author: Yuri Chornoivan <yurchor@ukr.net> Date: 2021-03-06 Fix minor typo trust/enumerate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d0742257046f656882ed3068f608f0e192aee448 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-03-06 po: Add trust/trust.c to POTFILES.in Pointed by Piotr Drąg. po/POTFILES.in | 1 + 1 file changed, 1 insertion(+) commit 4085803ef7ad55aa1e22ee598362134116566513 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-03-06 po: Update POTFILES.in po/POTFILES.in | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) commit cdff966cd8dc51d1cca79892565e4dab66290625 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-03-05 trust: Make more strings translatable trust/anchor.c | 47 +++++++++++++++++++++++++++-------------------- trust/builder.c | 47 +++++++++++++++++++++++++++-------------------- trust/dump.c | 11 +++++++++-- trust/enumerate.c | 33 ++++++++++++++++++++------------- trust/extract-cer.c | 15 +++++++++++---- trust/extract-edk2.c | 9 ++++++++- trust/extract-jks.c | 21 ++++++++++++++------- trust/extract-openssl.c | 11 +++++++++-- trust/extract-pem.c | 11 +++++++++-- trust/extract.c | 23 +++++++++++++++-------- trust/list.c | 11 +++++++++-- trust/module.c | 13 ++++++++++--- trust/parser.c | 15 +++++++++++---- trust/persist.c | 9 ++++++++- trust/save.c | 41 ++++++++++++++++++++++++----------------- trust/token.c | 23 +++++++++++++++-------- trust/trust.c | 12 +++++++----- 17 files changed, 233 insertions(+), 119 deletions(-) commit 4fc5956fcbf354d42feb3d3c6b72af26fac94436 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-03-05 p11-kit: Make more strings translatable p11-kit/conf.c | 21 ++++++++----- p11-kit/filter.c | 9 +++++- p11-kit/lists.c | 15 ++++++--- p11-kit/messages.c | 2 +- p11-kit/modules.c | 41 ++++++++++++++----------- p11-kit/p11-kit.c | 18 ++++++++--- p11-kit/remote.c | 13 ++++++-- p11-kit/rpc-client.c | 27 +++++++++++------ p11-kit/rpc-message.c | 17 ++++++++--- p11-kit/rpc-server.c | 31 +++++++++++-------- p11-kit/rpc-transport.c | 71 ++++++++++++++++++++++++------------------- p11-kit/server.c | 81 +++++++++++++++++++++++++++---------------------- 12 files changed, 212 insertions(+), 134 deletions(-) commit d1134f3aad404b1eda40d4889c74065d8bd4e2ec Author: Daiki Ueno <ueno@gnu.org> Date: 2021-03-05 common: Enable message translation in p11_tool_main common/tool.c | 45 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 36 insertions(+), 9 deletions(-) commit 2ccffb50013a930264e151109dc3055c3bf83205 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-03-05 meson: Make sure to set PROJECT_NAME and ENABLE_NLS for 'nls' option Pointed out by Érico Nogueira Rolim in: https://github.com/p11-glue/p11-kit/issues/357 meson.build | 5 +++++ 1 file changed, 5 insertions(+) commit 58c8ef1a02f05c22c09afacb6efb53b4f85ddf1a Author: Daiki Ueno <ueno@gnu.org> Date: 2021-03-03 build: Add fuzz/meson.build in the distribution fuzz/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) commit 3e7451ecdd5c9ebca06e685ded5ceb6fb177b6b2 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-02-08 fuzz: Move the directory out of build/ The "build/" directory is mainly used for the artifacts not shipped in the distribution (except "build/litter" and "build/m4", which are populated by autotools). Makefile.am | 2 +- {build/fuzz => fuzz}/Makefile.am | 10 +++++----- {build/fuzz => fuzz}/fuzz.h | 0 {build/fuzz => fuzz}/main.c | 0 {build/fuzz => fuzz}/meson.build | 0 {build/fuzz => fuzz}/rpc.in/C_CloseAllSessions_slot_one | Bin {build/fuzz => fuzz}/rpc.in/C_CloseAllSessions_slot_two | Bin {build/fuzz => fuzz}/rpc.in/C_CloseSession | Bin {build/fuzz => fuzz}/rpc.in/C_CopyObject_attribute_array | Bin {build/fuzz => fuzz}/rpc.in/C_CopyObject_byte | Bin {build/fuzz => fuzz}/rpc.in/C_CopyObject_byte_array | Bin {build/fuzz => fuzz}/rpc.in/C_CopyObject_date | Bin {build/fuzz => fuzz}/rpc.in/C_CopyObject_date_empty | Bin {build/fuzz => fuzz}/rpc.in/C_CopyObject_invalid | Bin .../fuzz => fuzz}/rpc.in/C_CopyObject_mechanism_type_array | Bin {build/fuzz => fuzz}/rpc.in/C_CopyObject_ulong | Bin {build/fuzz => fuzz}/rpc.in/C_CreateObject_attribute_array | Bin {build/fuzz => fuzz}/rpc.in/C_CreateObject_byte | Bin {build/fuzz => fuzz}/rpc.in/C_CreateObject_byte_array | Bin {build/fuzz => fuzz}/rpc.in/C_CreateObject_date | Bin {build/fuzz => fuzz}/rpc.in/C_CreateObject_date_empty | Bin {build/fuzz => fuzz}/rpc.in/C_CreateObject_invalid | Bin .../rpc.in/C_CreateObject_mechanism_type_array | Bin {build/fuzz => fuzz}/rpc.in/C_CreateObject_ulong | Bin {build/fuzz => fuzz}/rpc.in/C_Decrypt | Bin {build/fuzz => fuzz}/rpc.in/C_DecryptDigestUpdate | Bin {build/fuzz => fuzz}/rpc.in/C_DecryptFinal | Bin {build/fuzz => fuzz}/rpc.in/C_DecryptInit | Bin {build/fuzz => fuzz}/rpc.in/C_DecryptUpdate | Bin {build/fuzz => fuzz}/rpc.in/C_DecryptVerifyUpdate | Bin {build/fuzz => fuzz}/rpc.in/C_DeriveKey | Bin {build/fuzz => fuzz}/rpc.in/C_DestroyObject | Bin {build/fuzz => fuzz}/rpc.in/C_Digest | Bin {build/fuzz => fuzz}/rpc.in/C_DigestEncryptUpdate | Bin {build/fuzz => fuzz}/rpc.in/C_DigestFinal | Bin {build/fuzz => fuzz}/rpc.in/C_DigestInit | Bin {build/fuzz => fuzz}/rpc.in/C_DigestKey | Bin {build/fuzz => fuzz}/rpc.in/C_DigestUpdate | Bin {build/fuzz => fuzz}/rpc.in/C_Encrypt | Bin {build/fuzz => fuzz}/rpc.in/C_EncryptFinal | Bin {build/fuzz => fuzz}/rpc.in/C_EncryptInit | Bin {build/fuzz => fuzz}/rpc.in/C_EncryptUpdate | Bin {build/fuzz => fuzz}/rpc.in/C_Finalize | Bin {build/fuzz => fuzz}/rpc.in/C_FindObjects | Bin {build/fuzz => fuzz}/rpc.in/C_FindObjectsFinal | Bin .../fuzz => fuzz}/rpc.in/C_FindObjectsInit_attribute_array | Bin {build/fuzz => fuzz}/rpc.in/C_FindObjectsInit_byte | Bin {build/fuzz => fuzz}/rpc.in/C_FindObjectsInit_byte_array | Bin {build/fuzz => fuzz}/rpc.in/C_FindObjectsInit_date | Bin {build/fuzz => fuzz}/rpc.in/C_FindObjectsInit_date_empty | Bin {build/fuzz => fuzz}/rpc.in/C_FindObjectsInit_invalid | Bin .../rpc.in/C_FindObjectsInit_mechanism_type_array | Bin {build/fuzz => fuzz}/rpc.in/C_FindObjectsInit_ulong | Bin {build/fuzz => fuzz}/rpc.in/C_GenerateKeyPair | Bin {build/fuzz => fuzz}/rpc.in/C_GenerateKey_attribute_array | Bin {build/fuzz => fuzz}/rpc.in/C_GenerateKey_byte | Bin {build/fuzz => fuzz}/rpc.in/C_GenerateKey_byte_array | Bin {build/fuzz => fuzz}/rpc.in/C_GenerateKey_date | Bin {build/fuzz => fuzz}/rpc.in/C_GenerateKey_date_empty | Bin {build/fuzz => fuzz}/rpc.in/C_GenerateKey_invalid | Bin .../fuzz => fuzz}/rpc.in/C_GenerateKey_mechanism_type_array | Bin {build/fuzz => fuzz}/rpc.in/C_GenerateKey_ulong | Bin {build/fuzz => fuzz}/rpc.in/C_GenerateRandom | Bin {build/fuzz => fuzz}/rpc.in/C_GetAttributeValue | Bin {build/fuzz => fuzz}/rpc.in/C_GetInfo | Bin {build/fuzz => fuzz}/rpc.in/C_GetMechanismInfo | Bin .../rpc.in/C_GetMechanismInfo_slot_one_capitalize | Bin .../fuzz => fuzz}/rpc.in/C_GetMechanismInfo_slot_one_prefix | Bin .../rpc.in/C_GetMechanismInfo_slot_two_capitalize | Bin .../fuzz => fuzz}/rpc.in/C_GetMechanismInfo_slot_two_prefix | Bin {build/fuzz => fuzz}/rpc.in/C_GetMechanismList | Bin .../fuzz => fuzz}/rpc.in/C_GetMechanismList_slot_one_buffer | Bin .../fuzz => fuzz}/rpc.in/C_GetMechanismList_slot_one_length | Bin .../fuzz => fuzz}/rpc.in/C_GetMechanismList_slot_two_buffer | Bin .../fuzz => fuzz}/rpc.in/C_GetMechanismList_slot_two_length | Bin {build/fuzz => fuzz}/rpc.in/C_GetObjectSize | Bin {build/fuzz => fuzz}/rpc.in/C_GetOperationState | Bin {build/fuzz => fuzz}/rpc.in/C_GetSessionInfo | Bin {build/fuzz => fuzz}/rpc.in/C_GetSlotInfo_slot_one | Bin {build/fuzz => fuzz}/rpc.in/C_GetSlotInfo_slot_two | Bin {build/fuzz => fuzz}/rpc.in/C_GetSlotList_all_buffer | Bin {build/fuzz => fuzz}/rpc.in/C_GetSlotList_all_length | Bin .../fuzz => fuzz}/rpc.in/C_GetSlotList_token_present_buffer | Bin .../fuzz => fuzz}/rpc.in/C_GetSlotList_token_present_length | Bin {build/fuzz => fuzz}/rpc.in/C_GetTokenInfo_slot_one | Bin {build/fuzz => fuzz}/rpc.in/C_GetTokenInfo_slot_two | Bin {build/fuzz => fuzz}/rpc.in/C_InitPIN | Bin {build/fuzz => fuzz}/rpc.in/C_InitToken_slot_one | Bin {build/fuzz => fuzz}/rpc.in/C_InitToken_slot_two | Bin {build/fuzz => fuzz}/rpc.in/C_Initialize | Bin {build/fuzz => fuzz}/rpc.in/C_Login | Bin {build/fuzz => fuzz}/rpc.in/C_Logout | Bin {build/fuzz => fuzz}/rpc.in/C_OpenSession_slot_one | Bin {build/fuzz => fuzz}/rpc.in/C_OpenSession_slot_two | Bin {build/fuzz => fuzz}/rpc.in/C_SeedRandom | Bin .../rpc.in/C_SetAttributeValue_attribute_array | Bin {build/fuzz => fuzz}/rpc.in/C_SetAttributeValue_byte | Bin {build/fuzz => fuzz}/rpc.in/C_SetAttributeValue_byte_array | Bin {build/fuzz => fuzz}/rpc.in/C_SetAttributeValue_date | Bin {build/fuzz => fuzz}/rpc.in/C_SetAttributeValue_date_empty | Bin {build/fuzz => fuzz}/rpc.in/C_SetAttributeValue_invalid | Bin .../rpc.in/C_SetAttributeValue_mechanism_type_array | Bin {build/fuzz => fuzz}/rpc.in/C_SetAttributeValue_ulong | Bin {build/fuzz => fuzz}/rpc.in/C_SetOperationState | Bin {build/fuzz => fuzz}/rpc.in/C_SetPIN | Bin {build/fuzz => fuzz}/rpc.in/C_Sign | Bin {build/fuzz => fuzz}/rpc.in/C_SignEncryptUpdate | Bin {build/fuzz => fuzz}/rpc.in/C_SignFinal | Bin {build/fuzz => fuzz}/rpc.in/C_SignInit | Bin {build/fuzz => fuzz}/rpc.in/C_SignRecover | Bin {build/fuzz => fuzz}/rpc.in/C_SignRecoverInit | Bin {build/fuzz => fuzz}/rpc.in/C_SignUpdate | Bin {build/fuzz => fuzz}/rpc.in/C_UnwrapKey | Bin {build/fuzz => fuzz}/rpc.in/C_Verify | Bin {build/fuzz => fuzz}/rpc.in/C_VerifyFinal | Bin {build/fuzz => fuzz}/rpc.in/C_VerifyInit | Bin {build/fuzz => fuzz}/rpc.in/C_VerifyRecover | Bin {build/fuzz => fuzz}/rpc.in/C_VerifyRecoverInit | Bin {build/fuzz => fuzz}/rpc.in/C_VerifyUpdate | Bin {build/fuzz => fuzz}/rpc.in/C_WaitForSlotEvent | Bin {build/fuzz => fuzz}/rpc.in/C_WrapKey | Bin {build/fuzz => fuzz}/rpc_fuzzer.c | 2 +- {build/fuzz => fuzz}/run-afl.sh | 0 meson.build | 2 +- 124 files changed, 8 insertions(+), 8 deletions(-) commit 6aa3ce13de298c9ecaa6628c6223002590ebbdf8 Author: David Cook <divergentdave@gmail.com> Date: 2020-11-14 Release all library/mock resources before exit build/fuzz/rpc_fuzzer.c | 2 ++ 1 file changed, 2 insertions(+) commit cf304848641b32664c72da263400e90a3c9752ce Author: David Cook <divergentdave@gmail.com> Date: 2020-11-14 Add separate oss-fuzz Makefile target OSS-Fuzz infrastructure requires some slightly different build commands, such as using $CXX to link, and using main() from $LIB_FUZZING_ENGINE. build/fuzz/Makefile.am | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) commit 22de027e72d9d696715026d657283b732010691f Author: David Cook <divergentdave@gmail.com> Date: 2020-11-14 Add build targets for future additional fuzzers This could simplify a future integration with OSS-Fuzz, and the future addition of a second fuzzer target. build/fuzz/Makefile.am | 5 ++++- build/fuzz/meson.build | 20 +++++++++++++------- 2 files changed, 17 insertions(+), 8 deletions(-) commit d3dc57f0d589e62cbba45011d68f6d7933c0a859 Author: David Cook <divergentdave@gmail.com> Date: 2020-11-07 Build fuzzer target from meson/ninja build/fuzz/meson.build | 17 +++++++++++++++++ meson.build | 1 + 2 files changed, 18 insertions(+) commit c5267ff2955bc2bff8bdac2d11f71d6ec5b0c4f1 Author: David Cook <divergentdave@gmail.com> Date: 2020-11-07 Explicit dependency for virtual-fixed-generated.h This is needed for `make build/fuzz/rpc_fuzzer` to work from a clean directory. p11-kit/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) commit ba745124bdd0c4b13027237f7b98679c262b7a88 Author: David Cook <divergentdave@gmail.com> Date: 2020-11-07 Build fuzzer target from automake .gitignore | 1 + Makefile.am | 1 + build/fuzz/Makefile.am | 5 +++++ build/fuzz/fuzz.h | 16 ++++++++++++++++ build/fuzz/main.c | 2 +- build/fuzz/meson.build | 0 build/fuzz/rpc_fuzzer.c | 4 ++-- build/fuzz/run-afl.sh | 2 +- 8 files changed, 27 insertions(+), 4 deletions(-) commit bf35d3c5aad0dc11e93321fc4540ace8063f888a Author: David Cook <divergentdave@gmail.com> Date: 2020-11-07 rpc_fuzzer: Clean up buffer before exit build/fuzz/rpc_fuzzer.c | 2 ++ 1 file changed, 2 insertions(+) commit b1dd01b51eaf03cb3bb38fcdeb3ff461ab88f9b3 Author: David Cook <divergentdave@gmail.com> Date: 2020-11-06 New set of fuzzer seeds build/fuzz/rpc.in/C_CloseAllSessions_slot_one | Bin 0 -> 17 bytes build/fuzz/rpc.in/C_CloseAllSessions_slot_two | Bin 0 -> 17 bytes build/fuzz/rpc.in/C_CloseSession | Bin 0 -> 17 bytes build/fuzz/rpc.in/C_CopyObject_attribute_array | Bin 0 -> 55 bytes build/fuzz/rpc.in/C_CopyObject_byte | Bin 0 -> 42 bytes build/fuzz/rpc.in/C_CopyObject_byte_array | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_CopyObject_date | Bin 0 -> 53 bytes build/fuzz/rpc.in/C_CopyObject_date_empty | Bin 0 -> 45 bytes build/fuzz/rpc.in/C_CopyObject_invalid | Bin 0 -> 37 bytes build/fuzz/rpc.in/C_CopyObject_mechanism_type_array | Bin 0 -> 53 bytes build/fuzz/rpc.in/C_CopyObject_ulong | Bin 0 -> 49 bytes build/fuzz/rpc.in/C_CreateObject_attribute_array | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_CreateObject_byte | Bin 0 -> 33 bytes build/fuzz/rpc.in/C_CreateObject_byte_array | Bin 0 -> 37 bytes build/fuzz/rpc.in/C_CreateObject_date | Bin 0 -> 44 bytes build/fuzz/rpc.in/C_CreateObject_date_empty | Bin 0 -> 36 bytes build/fuzz/rpc.in/C_CreateObject_invalid | Bin 0 -> 28 bytes build/fuzz/rpc.in/C_CreateObject_mechanism_type_array | Bin 0 -> 44 bytes build/fuzz/rpc.in/C_CreateObject_ulong | Bin 0 -> 40 bytes build/fuzz/rpc.in/C_Decrypt | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_DecryptDigestUpdate | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_DecryptFinal | Bin 0 -> 23 bytes build/fuzz/rpc.in/C_DecryptInit | Bin 0 -> 35 bytes build/fuzz/rpc.in/C_DecryptUpdate | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_DecryptVerifyUpdate | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_DeriveKey | Bin 0 -> 51 bytes build/fuzz/rpc.in/C_DestroyObject | Bin 0 -> 26 bytes build/fuzz/rpc.in/C_Digest | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_DigestEncryptUpdate | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_DigestFinal | Bin 0 -> 23 bytes build/fuzz/rpc.in/C_DigestInit | Bin 0 -> 26 bytes build/fuzz/rpc.in/C_DigestKey | Bin 0 -> 26 bytes build/fuzz/rpc.in/C_DigestUpdate | Bin 0 -> 40 bytes build/fuzz/rpc.in/C_Encrypt | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_EncryptFinal | Bin 0 -> 23 bytes build/fuzz/rpc.in/C_EncryptInit | Bin 0 -> 35 bytes build/fuzz/rpc.in/C_EncryptUpdate | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_Finalize | Bin 0 -> 8 bytes build/fuzz/rpc.in/C_FindObjects | Bin 0 -> 23 bytes build/fuzz/rpc.in/C_FindObjectsFinal | Bin 0 -> 17 bytes build/fuzz/rpc.in/C_FindObjectsInit_attribute_array | Bin 0 -> 53 bytes build/fuzz/rpc.in/C_FindObjectsInit_byte | Bin 0 -> 33 bytes build/fuzz/rpc.in/C_FindObjectsInit_byte_array | Bin 0 -> 37 bytes build/fuzz/rpc.in/C_FindObjectsInit_date | Bin 0 -> 44 bytes build/fuzz/rpc.in/C_FindObjectsInit_date_empty | Bin 0 -> 36 bytes build/fuzz/rpc.in/C_FindObjectsInit_invalid | Bin 0 -> 28 bytes .../rpc.in/C_FindObjectsInit_mechanism_type_array | Bin 0 -> 44 bytes build/fuzz/rpc.in/C_FindObjectsInit_ulong | Bin 0 -> 40 bytes build/fuzz/rpc.in/C_GenerateKeyPair | Bin 0 -> 58 bytes build/fuzz/rpc.in/C_GenerateKey_attribute_array | Bin 0 -> 62 bytes build/fuzz/rpc.in/C_GenerateKey_byte | Bin 0 -> 42 bytes build/fuzz/rpc.in/C_GenerateKey_byte_array | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_GenerateKey_date | Bin 0 -> 53 bytes build/fuzz/rpc.in/C_GenerateKey_date_empty | Bin 0 -> 45 bytes build/fuzz/rpc.in/C_GenerateKey_invalid | Bin 0 -> 37 bytes build/fuzz/rpc.in/C_GenerateKey_mechanism_type_array | Bin 0 -> 53 bytes build/fuzz/rpc.in/C_GenerateKey_ulong | Bin 0 -> 49 bytes build/fuzz/rpc.in/C_GenerateRandom | Bin 0 -> 23 bytes build/fuzz/rpc.in/C_GetAttributeValue | Bin 0 -> 40 bytes build/fuzz/rpc.in/C_GetInfo | Bin 0 -> 8 bytes build/fuzz/rpc.in/C_GetMechanismInfo | Bin 0 -> 26 bytes .../rpc.in/C_GetMechanismInfo_slot_one_capitalize | Bin 0 -> 26 bytes build/fuzz/rpc.in/C_GetMechanismInfo_slot_one_prefix | Bin 0 -> 26 bytes .../rpc.in/C_GetMechanismInfo_slot_two_capitalize | Bin 0 -> 26 bytes build/fuzz/rpc.in/C_GetMechanismInfo_slot_two_prefix | Bin 0 -> 26 bytes build/fuzz/rpc.in/C_GetMechanismList | Bin 0 -> 23 bytes build/fuzz/rpc.in/C_GetMechanismList_slot_one_buffer | Bin 0 -> 23 bytes build/fuzz/rpc.in/C_GetMechanismList_slot_one_length | Bin 0 -> 23 bytes build/fuzz/rpc.in/C_GetMechanismList_slot_two_buffer | Bin 0 -> 23 bytes build/fuzz/rpc.in/C_GetMechanismList_slot_two_length | Bin 0 -> 23 bytes build/fuzz/rpc.in/C_GetObjectSize | Bin 0 -> 26 bytes build/fuzz/rpc.in/C_GetOperationState | Bin 0 -> 23 bytes build/fuzz/rpc.in/C_GetSessionInfo | Bin 0 -> 17 bytes build/fuzz/rpc.in/C_GetSlotInfo_slot_one | Bin 0 -> 17 bytes build/fuzz/rpc.in/C_GetSlotInfo_slot_two | Bin 0 -> 17 bytes build/fuzz/rpc.in/C_GetSlotList_all_buffer | Bin 0 -> 16 bytes build/fuzz/rpc.in/C_GetSlotList_all_length | Bin 0 -> 16 bytes build/fuzz/rpc.in/C_GetSlotList_token_present_buffer | Bin 0 -> 16 bytes build/fuzz/rpc.in/C_GetSlotList_token_present_length | Bin 0 -> 16 bytes build/fuzz/rpc.in/C_GetTokenInfo_slot_one | Bin 0 -> 17 bytes build/fuzz/rpc.in/C_GetTokenInfo_slot_two | Bin 0 -> 17 bytes build/fuzz/rpc.in/C_InitPIN | Bin 0 -> 32 bytes build/fuzz/rpc.in/C_InitToken_slot_one | Bin 0 -> 47 bytes build/fuzz/rpc.in/C_InitToken_slot_two | Bin 0 -> 47 bytes build/fuzz/rpc.in/C_Initialize | Bin 0 -> 66 bytes build/fuzz/rpc.in/C_Login | Bin 0 -> 33 bytes build/fuzz/rpc.in/C_Logout | Bin 0 -> 17 bytes build/fuzz/rpc.in/C_OpenSession_slot_one | Bin 0 -> 26 bytes build/fuzz/rpc.in/C_OpenSession_slot_two | Bin 0 -> 26 bytes build/fuzz/rpc.in/C_SeedRandom | Bin 0 -> 40 bytes build/fuzz/rpc.in/C_SetAttributeValue_attribute_array | Bin 0 -> 55 bytes build/fuzz/rpc.in/C_SetAttributeValue_byte | Bin 0 -> 42 bytes build/fuzz/rpc.in/C_SetAttributeValue_byte_array | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_SetAttributeValue_date | Bin 0 -> 53 bytes build/fuzz/rpc.in/C_SetAttributeValue_date_empty | Bin 0 -> 45 bytes build/fuzz/rpc.in/C_SetAttributeValue_invalid | Bin 0 -> 37 bytes .../rpc.in/C_SetAttributeValue_mechanism_type_array | Bin 0 -> 53 bytes build/fuzz/rpc.in/C_SetAttributeValue_ulong | Bin 0 -> 49 bytes build/fuzz/rpc.in/C_SetOperationState | Bin 0 -> 42 bytes build/fuzz/rpc.in/C_SetPIN | Bin 0 -> 43 bytes build/fuzz/rpc.in/C_Sign | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_SignEncryptUpdate | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_SignFinal | Bin 0 -> 23 bytes build/fuzz/rpc.in/C_SignInit | Bin 0 -> 35 bytes build/fuzz/rpc.in/C_SignRecover | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_SignRecoverInit | Bin 0 -> 35 bytes build/fuzz/rpc.in/C_SignUpdate | Bin 0 -> 40 bytes build/fuzz/rpc.in/C_UnwrapKey | Bin 0 -> 74 bytes build/fuzz/rpc.in/C_Verify | Bin 0 -> 63 bytes build/fuzz/rpc.in/C_VerifyFinal | Bin 0 -> 40 bytes build/fuzz/rpc.in/C_VerifyInit | Bin 0 -> 35 bytes build/fuzz/rpc.in/C_VerifyRecover | Bin 0 -> 46 bytes build/fuzz/rpc.in/C_VerifyRecoverInit | Bin 0 -> 35 bytes build/fuzz/rpc.in/C_VerifyUpdate | Bin 0 -> 40 bytes build/fuzz/rpc.in/C_WaitForSlotEvent | Bin 0 -> 17 bytes build/fuzz/rpc.in/C_WrapKey | Bin 0 -> 50 bytes build/fuzz/rpc.in/transcript | Bin 146 -> 0 bytes build/fuzz/transcript | Bin 5694933 -> 0 bytes 118 files changed, 0 insertions(+), 0 deletions(-) commit de69504632b01d72e996f037baf406d994dd4aac Author: Daiki Ueno <ueno@gnu.org> Date: 2021-02-07 github: Remove unnecessary SRCDIR envvar .github/actions/basic-autotools/action.yaml | 8 ++++---- .github/actions/basic-meson/action.yaml | 2 -- .github/workflows/test.yaml | 28 ++++++---------------------- 3 files changed, 10 insertions(+), 28 deletions(-) commit 58b14b33421064754732501e1eb67c90d8a24744 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-02-07 github: Use runuser instead of su for building and testing Also run the install phase as root to emulate the practical situation. .github/actions/basic-autotools/action.yaml | 23 +++++++++++++++-------- .github/actions/basic-meson/action.yaml | 15 ++++++++------- .github/workflows/test.yaml | 7 ++++--- 3 files changed, 27 insertions(+), 18 deletions(-) commit 58b7336ca3891fb36ac2fa2b35298f2c57fb1561 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-02-06 github: Use composite action to simplify the main recipe .github/actions/basic-autotools/action.yaml | 39 ++++++++ .github/actions/basic-meson/action.yaml | 38 +++++++ .github/workflows/test.yaml | 148 +++++----------------------- 3 files changed, 103 insertions(+), 122 deletions(-) commit 98a7787565ef6bdf18617640968ffb717697254b Author: Daiki Ueno <ueno@gnu.org> Date: 2021-02-06 github: Use pre-built container image for building .github/workflows/test.yaml | 57 ++++++--------------------------------------- 1 file changed, 7 insertions(+), 50 deletions(-) commit c680fca15ebc1765ba1d07c9fc5c226fd00019e5 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-02-06 README.md: Add GitHub workflow status README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 23beb5974246b7c85ed4e3b800f2590855187cf6 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-02-06 travis: Remove configurations other than FreeBSD .travis.yml | 36 ------------------------------------ 1 file changed, 36 deletions(-) commit 36eb32316b7b67b1d3b4838ee5560becd4d345bd Author: Daiki Ueno <ueno@gnu.org> Date: 2021-02-06 autotools: Fix for VPATH build Since adbb94ea3ec3c39b71c05eff8ef86cc85a075955, we always generate *.asn.h file at build time. This caused a build problem if p11-kit is built with an out-of-tree build directory. Reported by Pavel Heimlich in: https://github.com/p11-glue/p11-kit/issues/348 trust/Makefile.am | 4 ++++ 1 file changed, 4 insertions(+) commit 805f0ec64070ae942e7f208c2d171a6b47960081 Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Date: 2020-10-30 github actions: Initial CI setup Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> .github/workflows/test.yaml | 244 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 244 insertions(+) commit fc852e1a04628a4b3f46a0b34f1ed164fda571e4 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-01-28 modules: p11_kit_initialize_module: Remove redundant module unref For unmanaged modules, p11_module_release_inlock_reentrant simply decrease the reference count. However, it should have been incremented only if initialize_module_inlock_reentrant call above succeeds. p11-kit/modules.c | 1 - 1 file changed, 1 deletion(-) commit 6a7558b23793cb25aad1a2cfc1310c9eb80d028f Author: Daiki Ueno <ueno@gnu.org> Date: 2021-01-28 server: Account for NUL byte at the end of Unix domain socket path p11-kit/server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2ab82c324aa67a57927b7f59efa06d93ee5bbfcf Author: Daiki Ueno <ueno@gnu.org> Date: 2020-12-15 compat: Expose FreeBSD specific issetugid, getresuid, and getresgid common/compat.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit bd14b7d65b4bf2929e8793debeeba42cd7d2c757 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-12-15 compat: Remove <unistd.h> inclusion from compat.h The header should be included from the C files instead for Unix specific features. common/compat.c | 5 +++-- common/compat.h | 1 - common/test-compat.c | 3 +++ common/vsock.c | 3 +++ p11-kit/conf.c | 3 +++ p11-kit/test-managed.c | 1 + p11-kit/test-rpc.c | 3 +++ p11-kit/test-transport.c | 1 + trust/test-token.c | 3 +++ trust/token.c | 3 +++ 10 files changed, 23 insertions(+), 3 deletions(-) commit 1515a8dad4131cff456be57a281b2b5eb766f229 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-12-13 compat: Avoid unused variables warning in fdwalk emulation common/compat.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 40fbf74b02b8ad6625e3aa49d2cdef2b52e47a04 Author: Daiki Ueno <ueno@gnu.org> Date: 2021-01-25 compat: Pacify ASan complaints on intentionally leaked buffer Reported by Viktor Ashirov in: https://bugzilla.redhat.com/show_bug.cgi?id=1905581 common/compat.c | 25 +++++++++++++++++++------ common/library.c | 9 +++++++++ 2 files changed, 28 insertions(+), 6 deletions(-) commit a91266ef087532e2332c75c4fd9244df66f30b64 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-12-18 meson: Link trust/client modules explicitly to -ldl This adds the -ldl link flag missing in the meson build, but present in the autotools build. Although the use-case is unlikely, this allows those modules to be linked as a normal shared library to a program. p11-kit/meson.build | 1 + trust/meson.build | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) commit 507c394cfcf4edffc5e4450c5d737e545c26b857 Author: Daniel Engberg <daniel.engberg.lists@pyret.net> Date: 2020-12-12 p11-kit/lists.c: Add stdint.h to fix compilation Add stdint.h otherwise compilation fails on FreeBSD 13-CURRENT with "use of undeclared identifier 'SIZE_MAX'" Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> p11-kit/lists.c | 1 + 1 file changed, 1 insertion(+) commit 7f032183dfd36c1f91d2400ceb5bbc90376a310c Author: David Cook <divergentdave@gmail.com> Date: 2020-11-14 Follow-up to arithmetic overflow fix Check if nmemb is zero in p11_rpc_message_alloc_extra_array to avoid a division by zero trap. Additionally, change the reallocarray compatibility shim so that it won't assert when resizing an array to zero, and add the same nmemb != 0 check there. common/compat.c | 4 ++-- p11-kit/rpc-message.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit 6c1c94bd2360f5778beb397ba5508d5084b7f0ee Author: David Cook <divergentdave@gmail.com> Date: 2020-11-07 Check for arithmetic overflows before allocating p11-kit/iter.c | 4 ++-- p11-kit/lists.c | 2 ++ p11-kit/proxy.c | 2 +- p11-kit/rpc-message.c | 13 +++++++++++++ p11-kit/rpc-message.h | 4 ++++ p11-kit/rpc-server.c | 8 ++++---- trust/index.c | 4 ++-- 7 files changed, 28 insertions(+), 9 deletions(-) commit 7625cfcebccf1c02d17e9295e1d883ea688ea264 Author: David Cook <divergentdave@gmail.com> Date: 2020-11-07 Check attribute length against buffer size If an attribute's length does not match the length of the byte array inside it, one length was used for allocation, and the other was used for memcpy. This additional check will instead return an error on malformed messages. p11-kit/rpc-message.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 69d751ca9df9ac101adfb1e5aa7e83e3358106ba Author: David Cook <divergentdave@gmail.com> Date: 2020-11-06 Fix bounds check in p11_rpc_buffer_get_byte_array This bounds check should be using off, not *offset, because it has been advanced four bytes from reading a uint32 earlier in the function. Additionally, the pointer that is returned is computed using off, not *offset. p11-kit/rpc-message.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bb3a3cb1cb4ae8341fa1cf1cc4e9f282c7c74b76 Author: David Cook <divergentdave@gmail.com> Date: 2020-11-06 Fix buffer overflow in log_token_info The utcTime field in CK_TOKEN_INFO is not null terminated, so a length must be provided when copying it. This call to p11_buffer_add with a length of -1 was reading past the end of the string, and off the end of the stack. p11-kit/log.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ee45d7df8cbd28b1a5cc6304c7d420ca94afb145 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-11-28 common: Don't assume __STDC_VERSION__ is always defined Old compilers may not define __STDC_VERSION__: https://sourceforge.net/p/predef/wiki/Standards/ Reported by dirkf in: https://github.com/p11-glue/p11-kit/issues/337 common/compat.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f60d22f8cadc4f9b40aa3ee00ab575a8f5a00f74 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-12-03 compat: getauxval: correct compiler macro for FreeBSD It should be __FreeBSD__ instead of __FREEBSD__: https://sourceforge.net/p/predef/wiki/OperatingSystems/ common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 255a6a01f383db7c4c510f22c20db6e7011d38b1 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-12-03 compat: fdwalk: add guard for Linux specific local variables common/compat.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit dfb85f5e8d84d3bd55d4a735aea2e642b8c00a5e Author: Daiki Ueno <ueno@gnu.org> Date: 2020-12-03 meson: Add missing libtasn1 dependency trust/meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1895415899d1a578f3e64682a8f1ce8a52a9394f Author: Daiki Ueno <ueno@gnu.org> Date: 2020-12-02 travis: Add freebsd build .travis.yml | 1 + .travis/freebsd/after_failure.sh | 3 +++ .travis/freebsd/before_install.sh | 5 +++++ .travis/freebsd/script.sh | 6 ++++++ 4 files changed, 15 insertions(+) commit 7e7f5b1a02f7fc67313289bde347739ff5438c4a Author: Daiki Ueno <ueno@gnu.org> Date: 2020-11-06 anchor: Prefer persistent format when storing anchor When a new certificate is stored with "trust anchor --store" from a .p11-kit file, the command treated it as a PEM file, while it should preserve extra fields in the file. trust/anchor.c | 7 ++++--- trust/test-extract.sh | 27 ++++++++++++++++++++++++--- 2 files changed, 28 insertions(+), 6 deletions(-) commit bd7702ff1b4e154e643a444746c5023fed6116ee Author: Daiki Ueno <ueno@gnu.org> Date: 2020-11-29 travis: Run "make check" along with "make distcheck" for coverage .travis/autotools/script.sh | 5 +++++ 1 file changed, 5 insertions(+) commit 550bb23fc2edc9b5704ffd7d7bfd301627418ea4 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-11-29 travis: Use python3 as the default Python interpreter .travis/autotools/after_success.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ea0528177b2a4faaa3b28f93e64162ead5d54ccd Author: Daiki Ueno <ueno@gnu.org> Date: 2020-11-29 travis: Route to Ubuntu 20.04 base image Fedora 33 image doesn't work well under the the default image based on Ubuntu 16.04. .travis.yml | 7 +++++++ 1 file changed, 7 insertions(+) commit 6ea0ff7be226b4b1cd0eef0a127d48298ead5393 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-11-07 meson: Set -fstack-protector for MinGW64 cross build This fixes CI failures caused by: https://sourceforge.net/p/mingw-w64/bugs/818/ build/cross_file_mingw64.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e1899c41220aa5a2dbb373d5ce740b25ef4fd384 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-11-27 meson: expand ternary operator in function call for compatibility While the minimum version requirement of meson is 0.49, the current meson.build causes the parser crash, because of the use of a ternary operator inside a function call: https://github.com/mesonbuild/meson/issues/5003 meson.build | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 8e58477c68c77ef2c29a3fc7d728220929c0996f Author: Daiki Ueno <ueno@gnu.org> Date: 2020-11-20 meson: Use custom_target for generating external XML entities configure_file() adds a trailing newline, and thus the resulting document contains unwanted spaces between the resolved entities and the following text. Instead, use custom_target() along with 'echo -n' to generate the XML entity files. doc/manual/meson.build | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) commit 75fd5515553a299831099a0a5ec98afc441d0cf9 Author: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com> Date: 2020-11-16 meson: Allow building manpages without gtk-doc Fixes https://github.com/p11-glue/p11-kit/issues/331 doc/manual/meson.build | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) commit ce66cf00b6b207c1d452af23cb062ca0adf57dac Author: Alexander Sosedkin <asosedkin@redhat.com> Date: 2020-10-27 Rename is_path_component to is_path_separator Thanks to Daiki Ueno for noticing the misnaming. common/path.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) commit e5a1f444b7d299e77dd57862f3cc5783e697a10e Author: Alexander Sosedkin <asosedkin@redhat.com> Date: 2020-10-27 Use is_path_component in one more place common/path.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1eac9a1c41828d5da4b640746e0002c7ab964e8e Author: Alexander Sosedkin <asosedkin@redhat.com> Date: 2020-10-27 Remove more duplicate separators in p11_path_build Makes p11_path_build remove duplicate separators more thoroughly, e.g., after a "" or in the first argument. common/path.c | 26 +++++++++++++++++++------- common/test-path.c | 22 ++++++++++++++++++++++ 2 files changed, 41 insertions(+), 7 deletions(-) commit de661c41a1e7e52296c91b9caa0bff8e4885c751 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-10-22 common: Fix infloop in p11_path_build If p11_path_build is called with 2 or more arguments and the non-first argument is an empty string (""), it previously fell into an infloop. Reported by Karel Srot. common/path.c | 4 +++- common/test-path.c | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) commit 47fabc2366d917e255241c41a6cfc179af372644 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-10-04 Use inclusive language on certificate distrust bash-completion/trust | 2 +- build/certs/Makefile | 2 +- common/pkcs11x.h | 2 +- doc/manual/p11-kit-devel.xml | 2 +- doc/manual/p11-kit-trust.xml | 8 +-- doc/manual/trust.xml | 24 ++++----- trust/builder.c | 6 +-- trust/enumerate.c | 60 ++++++++++----------- trust/enumerate.h | 6 +-- trust/extract-openssl.c | 2 +- trust/extract.c | 8 +-- .../input/{blacklist => blocklist}/self-server.der | Bin trust/list.c | 6 +-- trust/oid.h | 11 ++-- trust/parser.c | 18 +++---- trust/parser.h | 2 +- trust/test-enumerate.c | 6 +-- trust/test-extract.sh | 16 +++--- trust/test-openssl.c | 4 +- trust/test-parser.c | 4 +- trust/test-token.c | 16 +++--- trust/token.c | 16 +++--- 22 files changed, 110 insertions(+), 111 deletions(-) commit 0a1263a41d4c482f50aa5c4643f9de38fda44bbd Author: Daiki Ueno <ueno@gnu.org> Date: 2020-10-05 proxy: C_CloseAllSessions: Make sure that calloc args are non-zero This prevents efence warning if either of the calloc arguments is zero. While it is is safe on glibc systems, POSIX says the behavior is implementation-defined. Reported by Paul Wouters. p11-kit/proxy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 08fcec713c1d3038f706d049910bd13a8c811fb5 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-10-05 build: Use calloc in a consistent manner common/dict.c | 6 +++--- p11-kit/proxy.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) commit 565ba5d6de58d4b210435b786ae0d753e044901c Author: John Hein <dkeabg7vp4@snkmail.com> Date: 2020-09-23 meson: Allow override of default bashcompdir. Fixes meson regression (issue #322). Pass -Dbashcompdir=/xxx to meson. bash-completion/meson.build | 16 ++++++++++------ meson_options.txt | 4 ++++ 2 files changed, 14 insertions(+), 6 deletions(-) commit 56251aa50783cdd465877d28c8f017ae16c61f79 Author: Tavian Barnes <tavianator@tavianator.com> Date: 2020-09-06 common: Check for a NULL locale before freeing it If newlocale() fails, (locale_t) 0 ends up being passed to freelocale(), resulting in a segfault when the library is unloaded. common/library.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 2c40a4a55efa8c1bce0f7aadd5135be705565610 Author: Anders Kaseorg <andersk@mit.edu> Date: 2020-08-30 p11_test_copy_setgid: Skip setgid tests on nosuid filesystems Some build environments build packages from a build directory mounted nosuid, causing p11_test_copy_setgid to fail. Skip the test in this case. Signed-off-by: Anders Kaseorg <andersk@mit.edu> common/test.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 8b5a10e7ed74b6839e5e415d47b263d26c63e572 Author: Rosen Penev <rosenp@gmail.com> Date: 2020-08-27 unix-peer: replace incorrect include1 Fixes musl warning: warning: #warning redirecting incorrect #include <sys/errno.h> to <errno.h> [-Wcpp] common/unix-peer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a26d0b052c32fbd9c7ef468bd4188fa8fa03499a Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-21 test-compat: Skip getprogname test if BUILDDIR contains a symlink common/test-compat.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit 7f59a79179b978e867c9def56475bfb877024312 Author: Xℹ Ruoyao <xry111@mengyan1223.wang> Date: 2020-08-19 add trust-extract-compat into EXTRA-DIST trust/Makefile.am | 1 + 1 file changed, 1 insertion(+) commit 1a21df391691d9a9c7b5ebc77022385f7feb266b Author: Xℹ Ruoyao <xry111@mengyan1223.wang> Date: 2020-08-19 meson: install trust-extract-compat trust/meson.build | 3 +++ 1 file changed, 3 insertions(+) commit 49e9b47c9546525e29b25c707068770e12add45f Author: Xℹ Ruoyao <xry111@mengyan1223.wang> Date: 2020-08-19 rename trust-extract-compat.in to trust-extract-compat There is no substitution in this file, so it's unnecessary to have a .in file. configure.ac | 1 - trust/{trust-extract-compat.in => trust-extract-compat} | 0 2 files changed, 1 deletion(-) commit fd8b56f3ee971f94dc6fc95411fc01e1c12153ab Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-18 autotools: Fix SUFFIXES usage SUFFIXES must be defined in the top-level Makefile.am, when non-recursive make is used. Makefile.am | 2 ++ p11-kit/Makefile.am | 2 +- trust/Makefile.am | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) commit 3c1304caae967b7cca40aae70c47c7f5138ea945 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-18 Release 0.23.21 NEWS | 6 ++++++ configure.ac | 2 +- meson.build | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) commit 43961d4e9bdceee241ce25877aad327d4daa5a10 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-18 packit: Adjust to doing propose-update through /packit comment .packit.yaml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) commit b40f27af28406810d0f42a29b98086fb02173f0c Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-18 README.md: Fix whitespace problem README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 76f94b4ad111c4150a16d36aafd30ab8aa274a68 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-18 conf: Add internal option to forcibly enable user config Some tests need user config enabled, though it is disabled under certain conditions (e.g., running as root) and makes those tests fail. p11-kit/conf.c | 5 ++++- p11-kit/test-conf.c | 7 +++++++ p11-kit/test-deprecated.c | 4 ++++ p11-kit/test-modules.c | 4 ++++ p11-kit/test-transport.c | 4 ++++ 5 files changed, 23 insertions(+), 1 deletion(-) commit 46c2ff05bf92e73735575aeb8bb9b9bec545f33c Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-18 SECURITY.md: Split from README.md README.md | 17 +---------------- SECURITY.md | 5 +++++ 2 files changed, 6 insertions(+), 16 deletions(-) commit da01718924623c1502eb45b7c946d6df798ea1be Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-18 README.md: Add LGTM badges README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit adbb94ea3ec3c39b71c05eff8ef86cc85a075955 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-15 trust: Remove generated *.asn.h files from repository .gitignore | 1 + configure.ac | 1 + trust/Makefile.am | 25 ++-- trust/basic.asn.h | 13 -- trust/meson.build | 43 +++--- trust/openssl.asn.h | 26 ---- trust/pkix.asn.h | 366 ---------------------------------------------------- 7 files changed, 45 insertions(+), 430 deletions(-) commit 015fe112def654cac562b85ca864dc279ca4e897 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-15 uri: Limit characters in vendor query attribute names p11-kit/uri.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 6f58217fd0590a52137b0d350d07cb4408a1bd77 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-15 compat: Define static assertion macro common/compat.h | 7 +++++++ p11-kit/rpc-message.c | 8 ++------ 2 files changed, 9 insertions(+), 6 deletions(-) commit 4e597e1858a3842798e8400eb2ac886612c1c6bf Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-14 rpc-transport: Remove pointless FIXME comments Those actually shouldn't be closed. p11-kit/rpc-transport.c | 2 -- 1 file changed, 2 deletions(-) commit d3dc234ce2ff08d0d7f29b4c464fb5a3406c341d Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-14 trust: p11_index_snapshot: Remove redundant integer range check trust/index.c | 3 --- 1 file changed, 3 deletions(-) commit 4e9ca11deaab88f1297c812af55dfb0036d1e207 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-14 build: Add header guards Signed-off-by: Daiki Ueno <ueno@gnu.org> common/init.h | 5 +++++ 1 file changed, 5 insertions(+) commit a88e7c1cc9b23f1310f3dd1a6922e270aed524eb Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-14 common/frob-getprogname: Avoid shadowing function parameter Signed-off-by: Daiki Ueno <ueno@gnu.org> common/frob-getprogname.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d70d572610cd3ec7e246e898e93300615a02b267 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-14 server: Avoid shadowing global variable p11-kit/server.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) commit 82374159ca3a5c0c252b2862a32dd96baeee1812 Author: David Halls <dahalls@gmail.com> Date: 2019-12-14 If server returns already initialized, don't mark as not initialized p11-kit/rpc-client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 15f15549bf41dfe665583d4c1fe316a524939075 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-02 common: Get program name based on executable path if possible Some programs (e.g., Chromium) pack command line arguments into argv[0]. Check if it is the case by reading /proc/self/exe and extract the program name. Logic borrowed from: <https://github.com/mesa3d/mesa/commit/759b94038987bb983398cd4b1d2cb1c8f79817a9>. .gitignore | 1 + common/Makefile.am | 7 +++ common/compat.c | 29 +++++++++++ common/frob-getprogname.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++ common/meson.build | 5 ++ common/test-compat.c | 15 ++++++ 6 files changed, 177 insertions(+) commit d10c5a35695df82f81f22c1e7d026be07c21aec5 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-02 trust: Avoid uninitialized variable in session_for_store_on_module This suppresses the cppcheck error: trust/anchor.c:243,error,uninitvar,Uninitialized variable: count Also fixes calloc invocation when the slot count is 0. trust/anchor.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e4f65d88076bf915dd969efd03b7d994196b7fa9 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-02 test: Avoid uninitialized variable This suppresses the cppcheck error: p11-kit/test-deprecated.c:481,error,uninitvar,Uninitialized variable: manufacturerID p11-kit/test-deprecated.c | 1 + 1 file changed, 1 insertion(+) commit 5b6c66ec1121527a5db4339ff509a8fe6fdbc262 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-02 mock: Avoid uninitialized variable in test_find_objects This suppresses the cppcheck errors: p11-kit/test-mock.c:769,error,uninitvar,Uninitialized variable: count p11-kit/test-mock.c:776,error,uninitvar,Uninitialized variable: count p11-kit/test-mock.c:783,error,uninitvar,Uninitialized variable: count p11-kit/test-mock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6242c67ed70ee95174267259ca804fd671725d91 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-08-02 constants: Tighten handling of failure case in lookup_info This suppresses the cppcheck error: common/constants.c:649,error,invalidFunctionArg,Invalid bsearch() argument nr 3. The value is -1 but the valid values are '0:'. common/constants.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 5e98a5471fa9cf136e092c279c72ff53ddebf76d Author: Kai Takahashi <www.carrotsoft@gmail.com> Date: 2020-08-02 Avoid using setenv() for MinGW users. Signed-off-by: Kai Takahashi <www.carrotsoft@gmail.com> common/tool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 714b216bbbaecf188685dddd98dd184e6c2721f4 Author: Albert Chin-A-Young <china@thewrittenword.com> Date: 2020-07-25 p11-kit/modules.c: Avoid passing 0 as first argument to calloc(). Solves an issue #303 for AIX. p11-kit/modules.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7f5ef7c04a24ede94a31a7e7820d9d03b9522bd5 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-06-12 anchor: Exit with non-zero code, if any error occurs Suggested by Nikos Mavrogiannopoulos in: https://github.com/p11-glue/p11-kit/issues/300 trust/anchor.c | 35 ++++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) commit 51cd2fdd844772eae874e1d6060a8cae6ad15760 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-06-12 tool: Don't override P11_KIT_DEBUG if it is already set common/tool.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a9e5fe3968759f4b4e7948c231917ffda18f0c7b Author: Daiki Ueno <ueno@gnu.org> Date: 2020-06-12 tool: Print messages by default common/tool.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 71fdb9f5c4362c00bd9684793775f8ccc7ba6166 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-06-12 debug: Remove unused debug_inited flag common/debug.c | 2 -- 1 file changed, 2 deletions(-) commit 56be8eae5cc337659eaddb07c502e901be8db203 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-06-12 meson: Fix typo doc/manual/meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 47e0c1fec418df1bbf2a056f1e983b64e3e23df0 Author: Daiki Ueno <ueno@gnu.org> Date: 2020-05-30 trust/*.asn: Drop standard types trust/basic.asn.h | 2 +- trust/openssl.asn | 3 -- trust/openssl.asn.h | 8 ++--- trust/pkix.asn | 26 -------------- trust/pkix.asn.h | 102 ++++++++++++++++------------------------------------ 5 files changed, 34 insertions(+), 107 deletions(-) commit adf2685b23b8a631e8092aaf707cd1bcf7b230bb Author: Daiki Ueno <dueno@redhat.com> Date: 2020-05-17 README.md: Fix typo README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7eb041e573a5dd55cea97427ab1807772c0a7c83 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-05-17 README.md: Revamp and add build instruction Also mention the required options for local installation. Suggested by Andrew Johnson in: https://github.com/p11-glue/p11-kit/issues/295 README.md | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) commit 4ea7cf7e819bbf8415a2aad2c99e7aa0f7fa143d Author: Daiki Ueno <dueno@redhat.com> Date: 2020-05-17 meson: Add option to control bash-completion installation bash-completion/meson.build | 2 +- meson_options.txt | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) commit e0053798510a56057b7a77bb3c59e68725888200 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-04-13 test-token: Check if the path is actually writable Instead of assuming a normal user cannot write to "/", this creates an unwritable directly and checks if it is writable; otherwise the test case is skipped. Reported by Jeffrey Walton in: https://github.com/p11-glue/p11-kit/issues/288 trust/test-token.c | 63 ++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 49 insertions(+), 14 deletions(-) commit c1c71b03e08ffb9384438e7f94b1b8f699dce2cd Author: Daiki Ueno <dueno@redhat.com> Date: 2020-04-13 test: Make p11_test_{skip,todo} actually work common/test.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 825fd4e4526589eb73a54ada18127196fb65fde3 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-04-13 meson: Add option to disable building test programs Suggested by Daniel Engberg in: https://github.com/p11-glue/p11-kit/issues/285 common/meson.build | 88 +++++++++--------- meson_options.txt | 4 + p11-kit/meson.build | 252 +++++++++++++++++++++++++++------------------------- trust/meson.build | 148 +++++++++++++++--------------- 4 files changed, 256 insertions(+), 236 deletions(-) commit 3de74dc6d916ce3dd2f76f0403be189387fe4d89 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-04-13 meson: Add option to disable NLS support Suggested by Daniel Engberg in: https://github.com/p11-glue/p11-kit/issues/284 meson.build | 4 +++- meson_options.txt | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) commit 99aa8329841b986380cc4f515d57f118f40158c4 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-04-13 test-rpc: Suppress compiler warning on ILP32 platforms On ILP32 platforms CK_ULONG is 32-bit and 64-bit values are truncated. This patch determins the usable value from SIZEOF_UNSIGNED_LONG. Also, for consistency, use UINTxx_MAX for other accessors. Reported by Jeffrey Walton in: https://github.com/p11-glue/p11-kit/issues/289 p11-kit/test-rpc.c | 47 ++++++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 19 deletions(-) commit 3eb79b75c2ee9870352fe4acc1ef6c8783364800 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-02-07 rpc: Add missing null checks in attribute value serializers To get the length of an attribute value, the client calls C_GetAttributeValue with attr->pValue set to NULL and attr->ulValueLen set to -1. In the RPC level, this is already indicated with a 'validity' flag, but there were a couple of places where attr->pValue is non-NULL. This was uncovered by: https://bugzilla.redhat.com/show_bug.cgi?id=1766340 p11-kit/rpc-message.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) commit 04cbdcf546f88d666fcb214ce42e777fa7840732 Author: Alvin Chen <sonoma001@gmail.com> Date: 2020-03-02 Update pkcs11 header to allow TPM2-PKCS11 to compile common/pkcs11.h | 2 ++ 1 file changed, 2 insertions(+) commit 51c0781410cb1292d7efbafee23ee5876c9bd2e4 Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Date: 2020-02-18 test-proxy: Add test for slot ID reuse The test covers a case where duplicate slots IDs were assigned to two different slots in the mapping. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> p11-kit/Makefile.am | 7 ++- p11-kit/meson.build | 3 +- p11-kit/mock-module-ep8.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/test-proxy.c | 39 ++++++++++++++++ 4 files changed, 157 insertions(+), 2 deletions(-) commit c8f8053edc9098fdb36fbb34165b8d92ed596798 Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Date: 2020-02-17 proxy: Fix slot ID reuse, avoiding duplicating IDs Previously, when re-mapping the slots, a slot ID could be assigned to more than one device, causing errors when searching for the right mapping (it would use the first found). Also assign new slot IDs for new found slots, avoiding previously used slot IDs. The last assigned slot ID is stored in the proxy structure in a new added field last_id. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> p11-kit/proxy.c | 56 +++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 37 insertions(+), 19 deletions(-) commit da22fd9f2a54d707db7f3021f22416b4af496ae8 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-30 packit: Enable Fedora package building with Packit .packit.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) commit 762cdaa2cd5c5ec09cc844f9a6bdc551c7f6c8ed Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-29 Release 0.23.20 NEWS | 3 +++ configure.ac | 2 +- meson.build | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) commit ab180d64b909594bdafc9596f67a1913275c6474 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-29 Revert "Fix RPC calls: ATTRIBUTE buf not null but length 0" This reverts commit 65409c0ebd5d9a4aaf55254256dcc878862a0be1. p11-kit/rpc-message.c | 8 +------- p11-kit/rpc-server.c | 22 +++------------------- 2 files changed, 4 insertions(+), 26 deletions(-) commit 17a26f0948944635453a54d44c2565ed7ba91a14 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-29 Revert "Fix RPC calls: BYTE buffer not null and length 0" This reverts commit 8cb21a6a09d18156c9002b97687e5ac0bfa0fc92. p11-kit/rpc-client.c | 2 +- p11-kit/rpc-message.c | 6 ++---- p11-kit/rpc-message.h | 3 +-- p11-kit/rpc-server.c | 7 ++----- 4 files changed, 6 insertions(+), 12 deletions(-) commit 83aaa2200bfa141b0c9e1c4f5af98252f8e826cc Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-29 Revert "Fix C_GetSlotList() when length is 0" This reverts commit 1ede9b8d33c4bc9a4194ffca22ac6d7351f6bcf5. It turned out that this breaks compatibility of the RPC protocol. The right fix to the original issue would be probably to add a new call ID associated with a different signature and add a fallback mechanism in both client and server. p11-kit/rpc-client.c | 2 +- p11-kit/rpc-message.c | 6 ++---- p11-kit/rpc-message.h | 3 +-- p11-kit/rpc-server.c | 7 ++----- p11-kit/test-server.c | 36 ------------------------------------ 5 files changed, 6 insertions(+), 48 deletions(-) commit 69a420aaa70af5b89508b5140edb0ee4e166605b Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-21 Release 0.23.19 NEWS | 9 +++++++++ configure.ac | 2 +- meson.build | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) commit 251dfdfd765e709b7d54420c685e19f70a5e9803 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-22 travis: Tighten autotools build steps .travis/autotools/script.sh | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) commit e9dbeeea96b0b709631d1b6d62f9877f4872993b Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-22 travis: Do 'make distcheck' in autotools build .travis/autotools/script.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2a1ee21ca31a62274e0932572f972bf3340f8bde Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-21 build: Add --with-bash-completion configure option This is needed for 'make distcheck' to not install those files in the system locations. Makefile.am | 1 + configure.ac | 12 +++++++++--- 2 files changed, 10 insertions(+), 3 deletions(-) commit cee7c2ad81d21795783ec28a67247cff740de2ce Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-21 build: Only distribute XZ-compressed tarballs configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5092f8dd5463b89642e29ca5ae7ea08aa30d5d66 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-21 build: Add more files to .gitignore .gitignore | 2 ++ 1 file changed, 2 insertions(+) commit a96af650e1ac2f5faecc9354ac30d128a7e93b9f Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-21 meson: Expose only C_GetFunctionList from the mock modules p11-kit/meson.build | 4 ++++ 1 file changed, 4 insertions(+) commit ba3c7d16760d177be43960c9eb9572817c60c4df Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-21 mock: Handle memory allocation error in C_Initialize common/mock.c | 4 ++++ 1 file changed, 4 insertions(+) commit 62b09608e3a311c8b8ae924805f936f8af593bfa Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-15 meson: Use cc.has_type for types instead of cc.has_header_symbol meson.build | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 45cd66e3a16f0102a50f33ebb4a58aac09f40f92 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-15 meson: Check if <stdbool.h> exists meson.build | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 5fe875dc598e2dc50ba8e888099c116fe12999d3 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-15 meson: Check program_invocation_short_name declaration Pointed by Rosen Penev in #268. meson.build | 5 +++++ 1 file changed, 5 insertions(+) commit 869b657c7bfbd2f91331d5aabcf572cba6043d37 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-15 meson: Check endianness meson.build | 4 ++++ 1 file changed, 4 insertions(+) commit 1f8d523e5db688deff13329b4cba1dd6181d76a3 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-15 build: Fix type mismatch in reallocarray usage common/attrs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1def8077a2bc1fc2a6bd3685a9d94a9a51f40e23 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-10-31 trust: Support CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER These new attributes are introduced in: https://bugzilla.mozilla.org/show_bug.cgi?id=1465613 The value of the attribute can be either false (represented as a single octed "\x00"), or a UTCTime in a restricted form (i.e., "YYMMDDHHMMSSZ"). For future proof, we also support GeneralizedTime in the form "YYYYMMDDHHMMSSZ". common/constants.c | 2 ++ common/pkcs11x.h | 2 ++ trust/builder.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++ trust/test-builder.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 157 insertions(+) commit e8b453383ace97fc1adfc213dc718e7b62fafd96 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-14 build: Remove auto-generated gettext files from repository po/en@boldquot.header | 25 ------------------------- po/en@quot.header | 22 ---------------------- po/insert-header.sin | 23 ----------------------- po/remove-potcdate.sin | 19 ------------------- 4 files changed, 89 deletions(-) commit 8d92053df8a2bfed89a6f3e835386e13c7f95b61 Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-14 build: Use AM_GNU_GETTEXT_REQUIRE_VERSION AM_GNU_GETTEXT_REQUIRE_VERSION was introduced a while back to instruct autopoint to pull the latest version of gettext infrastructure. Use it instead of hacking around gettextize call in autogen.sh. autogen.sh | 13 ------------- configure.ac | 4 ++++ 2 files changed, 4 insertions(+), 13 deletions(-) commit 5bb71e914532b8350dfc14697c4fa89e714e5812 Author: David Woodhouse <dwmw@amazon.co.uk> Date: 2020-01-06 rpc: Add vsock transport This allows PKCS#11 remoting between virtual machines, so a software token can be isolated into a microVM. common/Makefile.am | 1 + common/meson.build | 3 +- common/vsock.c | 122 ++++++++++++++++++++++++++++++++++++++++++++++++ common/vsock.h | 46 ++++++++++++++++++ configure.ac | 15 ++++++ meson.build | 9 ++++ p11-kit/rpc-transport.c | 97 ++++++++++++++++++++++++++++++++++++++ p11-kit/server.c | 118 ++++++++++++++++++++++++++++++++++++++++------ 8 files changed, 395 insertions(+), 16 deletions(-) commit 877de5fadaf0067272e8d0eb24893d7c823afe08 Author: David Woodhouse <dwmw@amazon.co.uk> Date: 2020-01-06 rpc: Check for socket init failure In some cases, rpc_unix_init() or rpc_exec_init() can return NULL but p11_rpc_transport_new() doesn't check and may dereference it. p11-kit/rpc-transport.c | 2 ++ 1 file changed, 2 insertions(+) commit 96af147637f0dc10792c3abdcec1894c361229da Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-09 build: Suppress cppcheck false-positive on tracking array length p11-kit/proxy.c | 2 ++ 1 file changed, 2 insertions(+) commit e931efd17950786ee61cbfc70ddf94d02ae473ba Author: Daiki Ueno <dueno@redhat.com> Date: 2020-01-08 build: Fix realloc usage As realloc() doesn't touch the original memory block, we need to use a local variable to avoid potential memory leak in failure cases. Pointed by David Woodhouse. common/attrs.c | 6 ++++-- p11-kit/filter.c | 9 +++++---- p11-kit/iter.c | 20 ++++++++++++++------ p11-kit/proxy.c | 7 +++++-- trust/index.c | 12 ++++++++++-- 5 files changed, 38 insertions(+), 16 deletions(-) commit 6563ad8ececec05f2b6269b509d4e12c07d2a87e Author: Daiki Ueno <dueno@redhat.com> Date: 2019-10-26 CONTRIBUTING.md: Mention contribution rules and coding style CONTRIBUTING.md | 35 +++++++++++++++++++++++++++++++++++ HACKING | 16 ---------------- Makefile.am | 2 +- 3 files changed, 36 insertions(+), 17 deletions(-) commit 65409c0ebd5d9a4aaf55254256dcc878862a0be1 Author: Vincent JARDIN <vjardin@free.fr> Date: 2019-10-22 Fix RPC calls: ATTRIBUTE buf not null but length 0 Let's add a support for cases when the buffer != NULL but the length is 0. According to Oasis, buffer = NULL and length = 0 means a query of the length so the subsequent calls with a buffer != NULL should fill then buffer when length is long enough. If not, according to Oasis, one should get a CKR_BUFFER_TOO_SMALL. See the previous commit for IN_ULONG_BUFFER(). This patch is follow a similar design pattern. Fix: issue #257 p11-kit/rpc-message.c | 8 +++++++- p11-kit/rpc-server.c | 22 +++++++++++++++++++--- 2 files changed, 26 insertions(+), 4 deletions(-) commit 8cb21a6a09d18156c9002b97687e5ac0bfa0fc92 Author: Vincent JARDIN <vjardin@free.fr> Date: 2019-10-22 Fix RPC calls: BYTE buffer not null and length 0 Let's add a support for cases when the buffer != NULL but the length is 0. According to Oasis, buffer = NULL and length = 0 means a query of the length so the subsequent calls with a buffer != NULL should fill buffer when length is long enough. If not, according to Oasis, one should get a CKR_BUFFER_TOO_SMALL. This current fix is for IN_BYTE_BUFFER(), same for IN_ATTRIBUTE_BUFFER(). See the previous commit for IN_ULONG_BUFFER(). This patch is strictly using the same design pattern. Fix: issue #257 Suggested-by: Daiki Ueno <dueno@redhat.com> p11-kit/rpc-client.c | 2 +- p11-kit/rpc-message.c | 6 ++++-- p11-kit/rpc-message.h | 3 ++- p11-kit/rpc-server.c | 7 +++++-- 4 files changed, 12 insertions(+), 6 deletions(-) commit 1ede9b8d33c4bc9a4194ffca22ac6d7351f6bcf5 Author: Vincent JARDIN <vjardin@free.fr> Date: 2019-10-21 Fix C_GetSlotList() when length is 0 Let's add a support for cases when the buffer != NULL but the length is 0. According to Oasis, buffer = NULL and length = 0 means a query of the length so the subsequent calls with a buffer != NULL should fill buffer when length is long enough. If not, according to Oasis, one should get a CKR_BUFFER_TOO_SMALL. This current fix is for IN_ULONG_BUFFER(), same should be applied for IN_BYTE_BUFFER() and for IN_ATTRIBUTE_BUFFER(). Include a test_no_slots() Fix: issue #257 Suggested-by: Daiki Ueno <dueno@redhat.com> p11-kit/rpc-client.c | 2 +- p11-kit/rpc-message.c | 6 ++++-- p11-kit/rpc-message.h | 3 ++- p11-kit/rpc-server.c | 7 +++++-- p11-kit/test-server.c | 36 ++++++++++++++++++++++++++++++++++++ 5 files changed, 48 insertions(+), 6 deletions(-) commit 9763fc8edcc5dd41e07ddf068dce6bc429dfe6b6 Author: Jakub Jelen <jjelen@redhat.com> Date: 2019-10-23 test-proxy: Implement reproducer for bad prefix list matching p11-kit/test-proxy.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 298ad811540c538fea1906528fe8cf8a6784e5ee Author: Jakub Jelen <jjelen@redhat.com> Date: 2019-10-23 modules: Implement correct search in list The current version of matching was failing, when the list contained also a searched string with some suffix, for example, when we ran from p11-kit and the p11-kit-proxy was first in the list and p11-kit later, it was not matched, because the test did not find a separator after the first match, decided that it does not match and did not try further. example program p11-kit example enable-in: p11-kit-proxy,p11-kit p11-kit/modules.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) commit 7c94eab51d08650eaa66184344325d42e812973c Author: Daiki Ueno <dueno@redhat.com> Date: 2019-10-23 autotools: Fix bash-completion installation Makefile.am | 13 ++++--------- configure.ac | 5 ++++- p11-kit/Makefile.am | 4 ++++ trust/Makefile.am | 4 ++++ 4 files changed, 16 insertions(+), 10 deletions(-) commit ef2716d18e1098effb8f3a90653c6264b2fec426 Author: Jakub Jelen <jjelen@redhat.com> Date: 2019-10-22 Install bash completion in the CI .travis/autotools/before_install.sh | 2 +- .travis/cppcheck/before_install.sh | 2 +- .travis/linux/before_install.sh | 2 +- .travis/osx/before_install.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) commit 387594893ee8d09267a7b788f3dae6905093d3c9 Author: Jakub Jelen <jjelen@redhat.com> Date: 2019-10-21 Add simple bash completion for provided commands Makefile.am | 8 ++++++ bash-completion/meson.build | 11 ++++++++ bash-completion/p11-kit | 19 +++++++++++++ bash-completion/trust | 67 +++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 7 +++++ meson.build | 1 + 6 files changed, 113 insertions(+) commit b879b9b8395d0a99dbc9b8ae8057dc84bdd551e6 Author: Jakub Jelen <jjelen@redhat.com> Date: 2019-10-22 configure: Fix typo to avoid errors during configure configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6b33efaa82848bac7fd73888963a106cf4c03151 Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Date: 2019-10-07 common: add Russian PKCS#11 extensions to pkcs11x.h header Add values defined to support Russian GOST cryptography to pkcs11x.h header. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> common/pkcs11x.h | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) commit a92894c80d880b6047327a276395b1f88fc733ee Author: Daiki Ueno <dueno@redhat.com> Date: 2019-09-30 autotools: Add more files from meson build in distribution Makefile.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit b0ebe7555c291808db29377ba79cb8326301f0a6 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-09-30 autotools: Add more files from meson build in distribution p11-kit/Makefile.am | 7 +++++++ 1 file changed, 7 insertions(+) commit 3530d4946f9b9233bb0c132f3eda77c5f593fe9a Author: Daiki Ueno <dueno@redhat.com> Date: 2019-09-30 build: Fix 'make distcheck' Makefile.am | 3 ++- doc/manual/Makefile.am | 1 - p11-kit/Makefile.am | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) commit 25df8dfd2fac77d8c00d87a114d6d89dd945055f Author: Daiki Ueno <dueno@redhat.com> Date: 2019-09-30 Release 0.23.18 NEWS | 5 +++++ configure.ac | 2 +- meson.build | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) commit fde84c52f4ffd0b274ce92e5f935060e86f0a5f7 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-09-25 rpc: Allow empty CK_DATE value Unlike other data types, CK_DATE value may be empty (and that is the default). Treat it as a valid value and serialize/deserialize accordingly. Reported by Vincent JARDIN in: https://github.com/p11-glue/p11-kit/issues/244 p11-kit/rpc-message.c | 23 +++++++++++++---------- p11-kit/test-rpc.c | 23 +++++++++++++++++++++++ 2 files changed, 36 insertions(+), 10 deletions(-) commit df2b7b0a3c1ad3c6f54ff6c84ecc1f04976e65f7 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-09-18 build: Fix undefined behavior in left shift Spotted by UBSan. p11-kit/rpc-message.c | 2 +- trust/utf8.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 94179adeebb24f390cad6abed1f1f8f89c41f451 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-09-11 autotools: Use symbol versioning if possible The meson build already using it for: https://github.com/mesonbuild/meson/issues/3047 Suggested by Jan Alexander Steffens configure.ac | 3 +++ p11-kit/Makefile.am | 9 +++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) commit 783bfcb40bafc7e2b64ec80a99add15112a2e8f9 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-09-11 build: Import ld-version-script.m4 from gnulib .gitignore | 1 + build/m4/ld-version-script.m4 | 48 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) commit 5240551119b99618aa4de95b88c1c2076d7ec87a Author: Daiki Ueno <dueno@redhat.com> Date: 2019-09-10 build: Add meson files in autotools distribution Makefile.am | 2 +- common/Makefile.am | 2 ++ doc/manual/Makefile.am | 1 + p11-kit/Makefile.am | 1 + trust/Makefile.am | 3 ++- 5 files changed, 7 insertions(+), 2 deletions(-) commit 201e9d838befb1e4641228a79212a37c81774e8f Author: Daiki Ueno <dueno@redhat.com> Date: 2019-09-13 travis: Run ninja install as root This is to avoid meson calling pkexec, which doesn't work inside docker. .travis/linux/script.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 17b2edb1354c5d5080172af45ce55408c5e51d59 Author: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com> Date: 2019-09-10 meson: Add missing prefix to system path defines p11-kit/meson.build | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 64a7722aeab2eafcbc57c9145b3fb556e4b1a61b Author: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com> Date: 2019-09-10 meson: Install p11-kit-server units p11-kit/meson.build | 11 +++++++++++ 1 file changed, 11 insertions(+) commit e5b0dfc2aca0d22c123a85c6cab96772af1f85fb Author: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com> Date: 2019-09-10 meson: Build and install man pages doc/manual/meson.build | 185 +++++++++++++++++++++++++++++++------------------ meson.build | 5 +- meson_options.txt | 4 ++ 3 files changed, 122 insertions(+), 72 deletions(-) commit 901749a2039ce5b0e6388295d364b22b80c37e58 Author: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com> Date: 2019-09-10 meson: Don't prefix p11_user_config p11-kit/meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b1d1fb011fad3e5b21665e6767fc267e0241ecf0 Author: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com> Date: 2019-09-10 meson: PKCS#11 modules should only export C_GetFunctionList p11-kit/meson.build | 10 ++++++++++ p11-kit/p11-module.def | 2 ++ p11-kit/p11-module.map | 6 ++++++ trust/meson.build | 6 +++++- 4 files changed, 23 insertions(+), 1 deletion(-) commit cc38f6aa61f6122f182d7099f5c88548b36a0843 Author: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com> Date: 2019-09-10 meson: Install p11-kit-client module p11-kit/meson.build | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit f2ee0a01272f4bbd018fb438344615cca8a74185 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-09-09 meson: Fix dictionary syntax Reported by Jan Alexander Steffens. doc/manual/meson.build | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit f00183944fad943216ac5842f6b23ab5c4149e50 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-09-09 Release 0.23.17 NEWS | 8 ++++++++ configure.ac | 2 +- meson.build | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) commit 2dea838a5dc284db29b0f8558cd3e1f1822f47ed Author: Daiki Ueno <dueno@redhat.com> Date: 2019-09-09 uri: Supress cppcheck false-positive p11-kit/uri.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8db6d7eee38bbf1f511da6128d108a62833f84d0 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-09-09 uri: Check return value of insert_attribute p11-kit/uri.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit d6c88b4735284394e73ad0228559fc8aca948318 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-09-09 meson: Update project version meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ead7a4a28f0505aa5602877538ef8be9970245b2 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-07-07 build: Fix typo in checking program_invocation_short_name decl The decl should be in errno.h, not error.h. configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 99cdf3dc86ec7148e08351b63d8ee5f2f2a7f4d3 Author: Rosen Penev <rosenp@gmail.com> Date: 2019-07-01 common: Fix uClibc-ng compilation program_invocation_short_name is const under uClibc-ng. configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5a89453fafab796d33c37dd6861c102fc28ebde2 Author: Alon Bar-Lev <alon.barlev@gmail.com> Date: 2019-07-01 trust: do not allow daylight to invalidate date validation Issue: 235 Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> trust/builder.c | 1 + 1 file changed, 1 insertion(+) commit 787888e181543f5a85eb69d6a3caf14f9a4262b2 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-06-19 build: Declare dependency chain between static libs in common In common/ there are sub-libraries namely libp11-common.a, libp11-library.a, libp11-tool.a, and libp11-test.a. All the latter 3 libs use the symbols from libp11-common.a, it would make sense to declare a dependency against it. common/meson.build | 17 ++++++----------- p11-kit/meson.build | 22 ++++++++++------------ trust/meson.build | 10 +++------- 3 files changed, 19 insertions(+), 30 deletions(-) commit eb5eb7aea7fc41a2c15d853cd57c7c030644f4ee Author: Daiki Ueno <dueno@redhat.com> Date: 2019-06-19 build: Make threads dependency more explicit common/meson.build | 6 ++++-- meson.build | 12 ++++-------- p11-kit/meson.build | 4 ++-- 3 files changed, 10 insertions(+), 12 deletions(-) commit daf1a84de39c4cdbd308c6a0b80b437689a222c7 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-06-02 .travis.yml: Use meson for building .travis.yml | 12 ++++++------ .travis/autotools/after_failure.sh | 3 +++ .travis/autotools/after_success.sh | 13 +++++++++++++ .travis/autotools/before_install.sh | 9 +++++++++ .travis/autotools/install.sh | 14 ++++++++++++++ .travis/autotools/script.sh | 12 ++++++++++++ .travis/linux/after_failure.sh | 2 +- .travis/linux/after_success.sh | 10 ++++------ .travis/linux/before_install.sh | 4 +++- .travis/linux/script.sh | 33 +++++++++++++++++++++++---------- build/cross_file_mingw64.txt | 18 ++++++++++++++++++ 11 files changed, 106 insertions(+), 24 deletions(-) commit 4f956698b64ac6eb8e5e8b7d143ceb11f1133814 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-05-15 build: Add meson build support This adds support for meson as an alternative build system. .dir-locals.el | 3 +- common/meson.build | 99 ++++++++++++ doc/manual/meson.build | 75 +++++++++ doc/manual/sysdir.xml.in | 1 + doc/manual/userdir.xml.in | 1 + doc/manual/version.xml.in | 1 + meson.build | 368 ++++++++++++++++++++++++++++++++++++++++++ meson_options.txt | 47 ++++++ p11-kit/gen-pkcs11-gnu.sh | 16 ++ p11-kit/gen-virtual-fixed.sh | 28 ++++ p11-kit/libp11-kit-0.dll.def | 101 ++++++++++++ p11-kit/libp11-kit.map | 105 ++++++++++++ p11-kit/meson.build | 299 ++++++++++++++++++++++++++++++++++ p11-kit/meson_post_install.sh | 15 ++ p11-kit/pkcs11-gnu.c | 3 + po/meson.build | 1 + trust/meson.build | 162 +++++++++++++++++++ 17 files changed, 1324 insertions(+), 1 deletion(-) commit 411a7a6d31cd5584ff9837260d77d8c306d3b557 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-06-01 trust: Fix mismatched return values trust/pem.c | 2 +- trust/x509.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit 58481dbb0b0ee1384e62878283a398d96e0ff5f2 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-06-02 po: Remove en@{,bold}quot from LINGUAS po/LINGUAS | 2 -- 1 file changed, 2 deletions(-) commit cbdbfaaf255083091decc280058caa87db19aeb9 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-06-01 build: Don't hardcode module path Makefile.am | 4 +++- p11-kit/Makefile.am | 12 ++++++++---- p11-kit/test-deprecated.c | 2 +- p11-kit/test-init.c | 2 +- p11-kit/test-server.c | 12 ++++++------ p11-kit/test-server.sh | 4 +++- p11-kit/test-transport.c | 6 +++--- 7 files changed, 25 insertions(+), 17 deletions(-) commit 084347319f6e832ec2c36d7b27a64c8f2614f084 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-06-01 build: Move check_PROGRAMS into subdirectories .gitignore | 12 ++++++------ common/Makefile.am | 12 ++++++------ common/test-compat.c | 4 ++-- p11-kit/Makefile.am | 32 ++++++++++++++++---------------- p11-kit/test-conf.c | 2 +- p11-kit/test-messages.sh | 2 +- p11-kit/test-server.c | 4 ++-- p11-kit/test-server.sh | 4 ++-- p11-kit/test-transport.c | 6 +++--- 9 files changed, 39 insertions(+), 39 deletions(-) commit 6bebd5747aa49d4a124d23d4967f65a771799fe5 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-06-01 tests: Add tmpdir argument to p11_test_copy_setgid To prevent BUILDDIR being embedded in the library. common/test-compat.c | 4 ++-- common/test.c | 7 +++++-- common/test.h | 3 ++- p11-kit/test-conf.c | 2 +- 4 files changed, 10 insertions(+), 6 deletions(-) commit 51382cd59c89e862443421a9d697a709f2244f36 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-06-16 tests: Fix memleaks in test-jks.c trust/test-jks.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) commit 9c2022d292c00ccbe2413b53b7c91cf4ba4d7c14 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-06-03 tests: Skip tests calling getauxval(AT_SECURE) if binary is on /tmp common/test-compat.c | 5 +++-- p11-kit/test-conf.c | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) commit fd908a787cc868043067f5fab492f8e05b6d99ce Author: Daiki Ueno <dueno@redhat.com> Date: 2019-06-16 tests: Fix temp file permission before deleting On mingw64/wine, unlink fails if the file has no write bit. trust/test-module.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) commit 2b3581c234f0097a2598395d1e0012b4ddd9a5ba Author: Daiki Ueno <dueno@redhat.com> Date: 2019-06-17 tests: Don't assume / is not writable on Windows in test-token.c trust/test-token.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit 6708ccf6126734b4d98cc849bc4542c45ffce191 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-06-15 conf: Skip root UID check on Windows p11-kit/conf.c | 2 ++ 1 file changed, 2 insertions(+) commit 1e8ca781b983cb31d62e21a3a61f25be1fcc694f Author: Daiki Ueno <dueno@redhat.com> Date: 2019-05-20 virtual: Rename virtual-fixed.c to virtual-fixed-generated.h Previously the generated .c file was included in another source file, which is not supported in some build systems (e.g., meson). .gitignore | 2 +- .travis/linux/after_success.sh | 2 +- p11-kit/Makefile.am | 6 +++--- p11-kit/virtual.c | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) commit 045d7546fc317deefc2d84d524a211ce6ab4869b Author: Daiki Ueno <dueno@redhat.com> Date: 2019-06-03 common: Make issetugid check simpler common/compat.c | 7 ++----- configure.ac | 16 +--------------- 2 files changed, 3 insertions(+), 20 deletions(-) commit bbb7f046ff430d33267487cb6f8a0e24d2eab832 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-06-02 common: Fix vasprintf emulation va_list must be saved when calling vsnprintf() in a loop. common/compat.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 5fc2d67b5ebb3daddb350d7ac60ede74dd99fcc6 Author: Simon Haggett <simon.haggett@gmail.com> Date: 2019-06-13 rpc: On UNIX wait on condition variable instead of FD if header is for a different thread. If rpc_socket_read() receives a header for a different thread, it tries to yield by releasing the read mutex and waiting on the socket's read FD. On Linux systems, this has been observed to cause a performance problem in cases where multiple threads are being used. Threads expecting a different header can rapidly unlock and relock the read mutex, as they resume when sock->read_code hasn't changed. This can result in contention on the read mutex, which delays the thread that is expecting to consume the header. This fix updates rpc_socket_read() on UNIX to wait on a condition variable instead of the socket's read FD. The condition variable is signalled when sock->read_code changes. This allows waiting threads to only resume once the header and payload have been consumed by their target thread. This fix only targets UNIX platforms, as the Windows version that p11-kit targets by default (Windows 2000) does not provide support for condition variables. Signed-off-by: Simon Haggett <simon.haggett@gmail.com> common/compat.h | 13 +++++++++++++ p11-kit/rpc-transport.c | 47 +++++++++++++++++++++++++++++++++++------------ 2 files changed, 48 insertions(+), 12 deletions(-) commit c689917b393379d288b868f70b2f7b7f6aafe430 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-05-23 tests: Avoid uninitialized value in test-proxy.c p11-kit/test-proxy.c | 4 ++++ 1 file changed, 4 insertions(+) commit 330148bef17a39075a0af5e446c9502bf3a225ff Author: Daiki Ueno <dueno@redhat.com> Date: 2019-05-22 build: Suppress compiler warning Remove unused "global" variable. p11-kit/proxy.c | 1 - 1 file changed, 1 deletion(-) commit 0eb1f6782c5315fc6b46861bc9f92a765e229e14 Author: Raphael Medaer <raphael@medaer.me> Date: 2019-05-22 doc: Add 'server' command in help 'server' is the last common command which is not in CLI help. IMHO, adding this small documentation could help to promote usage of pkcs11 forwarding. p11-kit/p11-kit.c | 1 + 1 file changed, 1 insertion(+) commit 9a546b4571f20b271058990e94833f35e4ec39c0 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-05-22 Release 0.23.16 NEWS | 10 ++++++++++ configure.ac | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) commit 381d16e651d5bcace316fbab4095c8dea8c43a92 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-05-16 proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified While fully implementing C_WaitForSlotEvent() would require a separate thread to monitor events, it is straightforward to implement the function if the CKF_DONT_BLOCK flag is given. Suggested by David Ward. p11-kit/Makefile.am | 7 ++++- p11-kit/mock-module-ep7.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/proxy.c | 64 +++++++++++++++++++++++++++++++++---------- p11-kit/test-proxy.c | 40 +++++++++++++++++++++++++++ 4 files changed, 166 insertions(+), 15 deletions(-) commit 68ce31aae9a22d18b28f4aa44b3e1006b7fe3aa7 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-05-17 conf: Ignore user configuration if the program is running as root Suggested by Bastien Nocera: https://bugzilla.redhat.com/show_bug.cgi?id=1688583 p11-kit/conf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 58cede114664e839b53d923863bff604ce58b1a7 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-05-15 proxy: Refresh slot list on every C_GetSlotList call Previously, the proxy module calculated the slot list only once at the C_Initialize() call. That was causing a usability limitation when the user attaches HSM after starting an application. Suggested by David Ward. p11-kit/Makefile.am | 7 ++- p11-kit/mock-module-ep6.c | 76 ++++++++++++++++++++++++++++ p11-kit/proxy.c | 123 +++++++++++++++++++++++++++++----------------- p11-kit/test-proxy.c | 34 ++++++++++++- 4 files changed, 192 insertions(+), 48 deletions(-) commit 793cc3b78f17bb5a3c151eba1144b73a5d51be3e Author: Simon Haggett <simon.haggett@gmail.com> Date: 2019-03-12 modules: Fix index used in call to p11_dict_remove() This fixes a call to p11_dict_remove() in managed_steal_sessions_inlock() to use the correct index in the stolen array (i, rather than at). This avoids an assert, which was encountered on a host serving a PKCS#11 module to a remote Linux client. Signed-off-by: Simon Haggett <simon.haggett@gmail.com> p11-kit/modules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cbe95e35f8309493094c93d882d0c18e8063f292 Author: Tom Sutcliffe <tomsci@me.com> Date: 2019-03-09 Fix Win32 p11_dl_error crash Caused by returning a buffer that wasn't allocated with malloc and needed to be freed with LocalFree() instead. The fix is to strdup msg_buf so what's returned can be free()d. common/compat.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 4a925177a81c2566d2a81a0a450607a5ff4d9048 Author: Stefano Garzarella <sgarzare@redhat.com> Date: 2019-02-27 modules: check gl.modules before iterates on it when freeing In some circumstances, as described in the BZ, can happen that free_modules_when_no_refs_unlocked() is called multiple times when the module destructor is invoked. We should check gl.modules before iterates on it in the free_modules_when_no_refs_unlocked() functions, to avoid a SIGSEGV. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1680963 p11-kit/modules.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) commit e2170b295992cb7fdf115227a78028ac3780619f Author: Daiki Ueno <dueno@redhat.com> Date: 2019-02-18 trust: Ignore unreadable content in anchors This amends eb503f3a1467f21a5ecc9ae84ae23b216afc102f. Instead of failing C_FindObjectsInit, treat any errors internally and accumulates the successfully loaded certificates. Reported by Andrej Kvasnica in: https://bugzilla.redhat.com/show_bug.cgi?id=1675441 trust/module.c | 3 +-- trust/test-module.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++ trust/token.c | 23 +++++++--------- 3 files changed, 88 insertions(+), 15 deletions(-) commit 2a474e1fe8f4bd8b4ed7622e5cf3b2718a202562 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-01-28 extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCH Give _p11_extract_jks_timestamp precedence over SOURCE_DATE_EPOCH so that the test results are not affected by the envvar settings. trust/extract-jks.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 1ba80c67c492f25581ed97c8c31ffb5f20636d06 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-01-14 Release 0.23.15 NEWS | 8 ++++++++ configure.ac | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) commit f277a1469aef05d3542e8ae9fd3f5dbadbe12463 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-01-11 pem: Fix assert condition If the PEM header is "-----BEGIN -----", *type should be an empty string and the parser shouldn't fail. Reported by Han Han in: https://bugzilla.redhat.com/show_bug.cgi?id=1665172 trust/pem.c | 2 +- trust/test-pem.c | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) commit bebf4f3442ea5cdaa3a9fa2d0fee366e7264a227 Author: Daiki Ueno <dueno@redhat.com> Date: 2019-01-09 test: Add test that exercises duplicated certs in JKS trust/extract-jks.c | 2 +- trust/fixtures/duplicated.jks | Bin 0 -> 2122 bytes trust/fixtures/duplicated1.der | Bin 0 -> 1010 bytes trust/fixtures/duplicated2.der | Bin 0 -> 1010 bytes trust/fixtures/multiple.jks | Bin 2556 -> 2567 bytes trust/test-jks.c | 58 ++++++++++++++++++++++++++++++++++++++--- 6 files changed, 55 insertions(+), 5 deletions(-) commit 7289639cf41df1840002e865bf700f50afec523c Author: Daiki Ueno <dueno@redhat.com> Date: 2019-01-09 trust: Fix alias generation in JKS extractor When there is a duplicate, the JKS extractor previously assigned somewhat obscure name "-<digit>" (not "<name>-<digit>"). trust/extract-jks.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 5e6a92b67ddade14a54769b05cc717043bc56b78 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-12-25 trust: Continue parsing if the file cannot be read as persist format A corrupted file that contains "[p11-kit-object-v1]" can be a valid PEM certs file. Continue with the next format if it cannot be read as a persistent format. trust/parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4aa6ef9e82f6bb14746a47a7d56789d5e982a1f5 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-12-25 trust: p11_token_load: Treat parse error as failure Those conditions can happen when the trust file is corrupted, so it makes more sense to treat them as a failure instead of programmer error. trust/token.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit eb503f3a1467f21a5ecc9ae84ae23b216afc102f Author: Daiki Ueno <dueno@redhat.com> Date: 2018-12-25 trust: Fail if trust anchors are not loaded from a file If the trust path is a file, treat parse error as fatal and abort the C_FindObjectsInit call. trust/module.c | 11 ++++++++--- trust/token.c | 6 +++--- 2 files changed, 11 insertions(+), 6 deletions(-) commit 0dd62395788ae566d3adef967611bce214a04435 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-12-23 trust: Propagate library verbosity to module through init_args Previously, even when the -v option is used with the 'trust' command, the messages from p11-kit-trust.so module were suppressed because the verbosity setting is not propagated to the module. common/message.c | 8 ++++---- p11-kit/modules.c | 29 +++++++++++++++++++++++------ p11-kit/p11-kit.h | 3 ++- trust/enumerate.c | 11 +++++++++-- trust/module.c | 5 +++++ trust/p11-kit-trust.module | 4 ++++ 6 files changed, 47 insertions(+), 13 deletions(-) commit 95faa51a23fc416e718dbd740adfce31f642530b Author: Daiki Ueno <dueno@redhat.com> Date: 2018-12-29 build: Fix typo spotted by codespell ChangeLog | 2 +- NEWS | 8 ++++---- common/pkcs11.h | 2 +- common/test-lexer.c | 2 +- doc/manual/Makefile.am | 2 +- p11-kit/iter.c | 2 +- p11-kit/modules.c | 2 +- p11-kit/rpc-message.c | 6 +++--- p11-kit/rpc-server.c | 4 ++-- p11-kit/test-pin.c | 2 +- p11-kit/test-virtual.c | 2 +- trust/test-enumerate.c | 2 +- trust/test-parser.c | 2 +- trust/test-token.c | 4 ++-- trust/trust-extract-compat.in | 2 +- 15 files changed, 22 insertions(+), 22 deletions(-) commit 4ee6545d0188e495f195b7fe5abbe9cc382a626d Author: Jakub Jelen <jjelen@redhat.com> Date: 2018-12-06 doc: Make log-calls match the rest of the document style doc/manual/pkcs11.conf.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b9eceda29965af989ad2150082454ae353266fa5 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-11-23 build: Simplify assertions Let it leak memory when we assert, so not to confuse static analyzers as if this is the normal case. common/test.c | 6 ------ 1 file changed, 6 deletions(-) commit b92e8c7f5c082a55073903d53293e6aeecb9d0ed Author: Daiki Ueno <dueno@redhat.com> Date: 2018-11-22 travis: Add cppcheck profile .travis.yml | 4 ++++ .travis/cppcheck/after_failure.sh | 3 +++ .travis/cppcheck/before_install.sh | 9 +++++++++ .travis/cppcheck/install.sh | 14 ++++++++++++++ .travis/cppcheck/script.sh | 3 +++ 5 files changed, 33 insertions(+) commit d293fd54c754190da333496df070992e2d803a87 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-11-22 travis: Allow profile override .travis.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) commit f0c82b07f8b31a4b86de32436cb4f5053de16336 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-11-22 build: Suppress cppcheck errors common/test-tests.c | 2 ++ common/test.c | 4 ++++ p11-kit/server.c | 8 ++++++-- trust/test-bundle.c | 9 ++++++--- trust/test-openssl.c | 9 ++++++--- trust/test-save.c | 22 +++++++++++++++------- trust/test-trust.c | 4 +++- 7 files changed, 42 insertions(+), 16 deletions(-) commit 8287689158403090b5828a568b122b5b3a3ce987 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-10-22 tests: Ensure p11_proxy_module_cleanup is called Reported and suggested in #197. p11-kit/test-proxy.c | 2 ++ 1 file changed, 2 insertions(+) commit f758142178b4cc5c650dde75152bfb85ac992178 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-10-15 url: Prefer upper-case letters in hex characters when encoding This makes it more compliant with RFC 3986, where the use of upper-case letters is recommended (as "SHOULD"). Suggested by Sumit Bose. common/test-path.c | 2 +- common/test-url.c | 28 ++++++++++++++++++++++++++++ common/url.c | 24 +++++++++++++++++------- p11-kit/test-uri.c | 14 +++++++------- 4 files changed, 53 insertions(+), 15 deletions(-) commit e81f6af7ed3b39b8df0bb7ce150619ea8178d47c Author: Harald Hoyer <harald@redhat.com> Date: 2018-11-02 trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time For reproducible builds, accept a define timestamp for the java keystore. See https://reproducible-builds.org/docs/source-date-epoch/ trust/extract-jks.c | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) commit 1d6913d5a551b6bd8efaa1705178e49f1527aa7e Author: Daiki Ueno <dueno@redhat.com> Date: 2018-10-30 build: Require pkg.m4 >= 0.29 at bootstrap configure.ac | 2 ++ 1 file changed, 2 insertions(+) commit 6e1046de2233fba7875d3d6a1b260192678dd0ad Author: Daiki Ueno <dueno@redhat.com> Date: 2018-10-19 virtual: Prefer fixed closures to libffi closures On some circumstances (such as when loading p11-kit-proxy from httpd), it is known that creation of libffi closure always fails, due to SELinux policy. Although this is harmless, it pollutes the journal and gives wrong hints when troubleshooting. This patch changes the order of preference of libffi vs pre-compiled closures to avoid that. p11-kit/virtual.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) commit 83e92c2f9575707083d8b0c70ef330e285d70836 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-10-17 trust: Check index->buckets is allocated on cleanup trust/index.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 6417780ebbbbb0f01ddb001b239347655fb98578 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-10-17 rpc-server: Check calloc failure p11-kit/rpc-server.c | 4 ++++ 1 file changed, 4 insertions(+) commit da73c2804b3ca962fa51473bb4c303a5ed32d4a1 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-10-16 trust: Set umask before calling mkstemp trust/save.c | 3 +++ 1 file changed, 3 insertions(+) commit 033cd90806cb1e2eab7e799703757abc2f07052e Author: Daiki Ueno <dueno@redhat.com> Date: 2018-10-16 proxy: Fix null dereference when reusing slots p11-kit/proxy.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 1f78cb0b4dd193ec1f1b2b424a497a6c2edec043 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-10-16 rpc-server: p11_kit_remote_serve_tokens: Fix memleak p11-kit/rpc-server.c | 5 +++++ 1 file changed, 5 insertions(+) commit 213ea0815ef45411bf6c134918b79d2aad69c1dc Author: Daiki Ueno <dueno@redhat.com> Date: 2018-10-16 build: Check return value of p11_rpc_buffer_get_uint64 p11-kit/rpc-client.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 06323aed926ddc67bd18ed98e5af92035a8e3d39 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-10-16 build: Check return value of p11_dict_set p11-kit/proxy.c | 3 ++- p11-kit/rpc-server.c | 6 +++++- trust/module.c | 3 ++- 3 files changed, 9 insertions(+), 3 deletions(-) commit b10dadce5a3c921149b2c9fe0dec614f8076ebda Author: Daiki Ueno <dueno@redhat.com> Date: 2018-10-16 build: Free memory before return{,_val}_if_* macros p11-kit/iter.c | 5 ++++- p11-kit/proxy.c | 10 ++++++++-- trust/asn1.c | 15 ++++++++++++--- trust/builder.c | 5 ++++- trust/index.c | 10 ++++++++-- trust/persist.c | 5 ++++- trust/save.c | 29 +++++++++++++++++++++++++---- trust/session.c | 10 ++++++++-- trust/token.c | 5 ++++- 9 files changed, 77 insertions(+), 17 deletions(-) commit c76197ddbbd0c29adc2bceff2ee9f740f71d134d Author: Daiki Ueno <dueno@redhat.com> Date: 2018-10-16 build: Call va_end() always when leaving the function common/attrs.c | 4 +++- common/compat.c | 5 ++++- common/path.c | 5 ++++- trust/parser.c | 4 +++- 4 files changed, 14 insertions(+), 4 deletions(-) commit 8a8db182af533a43b4d478d28af8623035475d68 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-10-16 debug: Work around cppcheck false-positives https://trac.cppcheck.net/ticket/8794 common/debug.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit f4a9fa674e17cc470d9280237032f18a70313d8e Author: Leonardo Brondani Schenkel <leo@tradeshift.com> Date: 2018-05-28 common: use /proc only on Linux Non-Linux systems do not have /proc, so do not attempt to open it and eliminate an unnecessary access() syscall on those systems. common/compat.c | 2 ++ 1 file changed, 2 insertions(+) commit 7f1df14e041c6de9603a4720753ca8f31e32b4ff Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-31 pkcs11: Don't redefine CKM_CAMELLIA_KEY_GEN Also reorder the CKM_CAMELLIA_* definitions. common/pkcs11.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 3770793f026e46a000d2d8816d56122598289d5c Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-28 Release 0.23.14 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit c1b565413dae632a4ab78cea08ed103d9418921b Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-22 virtual: Tighten error handling when fixed closures are exhausted p11-kit/virtual.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) commit 347a8793d23036433ab0ba39049f0e832bb05b3d Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-22 virtual: Don't be too loud about recoverable failure p11-kit/virtual.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9a7892ef3fd9d4bd70df41fb0200782dc6134c70 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-24 trust: Factor out module initialization into separate file This prevents double call to p11_library_init() in test-module.c, once from the ELF constructor, and secondly from the test itself. trust/Makefile.am | 2 +- trust/module-init.c | 43 ++++++++++++++++++++++++++++++++++++++++++ trust/module.c | 54 ----------------------------------------------------- 3 files changed, 44 insertions(+), 55 deletions(-) commit 0d7fbd5189ba1414d84326ddc8e4cff98f66a44b Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-27 common: Factor out common initializer code into a header common/Makefile.am | 1 + common/init.h | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/client-init.c | 60 +++----------------------------- p11-kit/proxy-init.c | 59 +++----------------------------- 4 files changed, 103 insertions(+), 111 deletions(-) commit 0961cf527f1414bf5a900d958ee776cdd28f3525 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-24 travis: Manually install cpp-coveralls To accommodate the gcov format change in gcc 8.1: https://github.com/eddyxu/cpp-coveralls/pull/127 which is not yet available in the pip version. .travis/linux/after_success.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 2066e7c57a7ae82e35fee3deaa06d89498d749a3 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-23 travis: Check valgrind exit code more strictly .travis/linux/script.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7a844d8e8c1c87401b161094023cf309ca111095 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-21 README.md: Add CII Best Practices badge README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f2a17c5e1dbc75a0142c6330bab588deb0060151 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-21 README.md: Mention contact method for security issues README.md | 5 +++++ 1 file changed, 5 insertions(+) commit b9ef1c5f4dbdfbab504479fdc899e344ff7bb44a Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-17 Revert "build: Explicitly link threaded test programs to libpthread" This reverts commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0. configure.ac | 10 ---------- p11-kit/Makefile.am | 8 ++++---- 2 files changed, 4 insertions(+), 14 deletions(-) commit 35b39cb2bf6d50a117a9e4c8e18100d19716ea71 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-17 Revert "build: Stop linking the library with libpthread when possible" This reverts commit 50f8906e63c9413a7687bab6608496d83c29a222. configure.ac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 56f3b9370747a7a33a9d56ff9365c89700dd0e67 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-17 Revert "common: Prefer __register_atfork() to pthread_atfork() if possible" This reverts commit ce3cec7f8742254b8627b9db48973b81e91cbfc8. common/library.c | 19 +------------------ configure.ac | 2 -- 2 files changed, 1 insertion(+), 20 deletions(-) commit a877b0eca3d59f7f8cd126047c0e899df6018858 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-17 Revert "build: Link to libpthread, if pthread_atfork() needs to be used" This reverts commit 541d79cb651cfd3238b9aa41fce70208df8e9496. NEWS | 2 +- common/library.c | 10 ++++------ configure.ac | 7 +------ 3 files changed, 6 insertions(+), 13 deletions(-) commit f69746d140cec20516c223825523fb0ade53384a Author: Alexander Bokovoy <abokovoy@redhat.com> Date: 2018-08-14 Update pkcs11 header to allow SoftHSMv2 to compile Replace vendor-specific values with the IDs from PKCS11 v3.0 for those constants that were already standardized. common/pkcs11.h | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 220 insertions(+), 18 deletions(-) commit abc542bd5abf46c5170f8a0c3dcc62eff0c9cfde Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-13 travis: Check that proxy module can be loaded and unloaded .travis/linux/before_install.sh | 2 +- .travis/linux/script.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit 34416ed787d804e0d293e47f2d10dc62ddea407c Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-13 proxy: Avoid invalid memory access when unloading proxy module When loading and unloading p11-kit-proxy.so with pkcs11-tool, it accesses already free'd memory area: $ valgrind pkcs11-tool --module p11-kit-proxy.so -L ==25173== Invalid read of size 8 ==25173== at 0x64BF493: p11_proxy_module_cleanup (proxy.c:1724) ==25173== by 0x64BD028: _p11_kit_fini (proxy-init.c:65) ==25173== by 0x401477C: _dl_close_worker (in /usr/lib64/ld-2.27.so) ==25173== by 0x4014E1D: _dl_close (in /usr/lib64/ld-2.27.so) ==25173== by 0x5E08C4E: _dl_catch_exception (in /usr/lib64/libc-2.27.so) ==25173== by 0x5E08CDE: _dl_catch_error (in /usr/lib64/libc-2.27.so) ==25173== by 0x58B1724: _dlerror_run (in /usr/lib64/libdl-2.27.so) ==25173== by 0x58B1113: dlclose (in /usr/lib64/libdl-2.27.so) ==25173== by 0x11E5A7: ??? (in /usr/bin/pkcs11-tool) ==25173== by 0x110023: ??? (in /usr/bin/pkcs11-tool) ==25173== by 0x5CF624A: (below main) (in /usr/lib64/libc-2.27.so) ==25173== Address 0x61231c8 is 552 bytes inside a block of size 584 free'd ==25173== at 0x4C2FDAC: free (vg_replace_malloc.c:530) ==25173== by 0x6548492: p11_virtual_unwrap (virtual.c:2902) ==25173== by 0x64BF492: p11_proxy_module_cleanup (proxy.c:1723) p11-kit/proxy.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) commit 541d79cb651cfd3238b9aa41fce70208df8e9496 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-10 build: Link to libpthread, if pthread_atfork() needs to be used On non-glibc systems (e.g., FreeBSD), pthread_atfork() stub is provided as a nop and our fork detection mechanism doesn't work. Pull in the actual implementation from libpthread in that case. Signed-off-by: Daiki Ueno <dueno@redhat.com> NEWS | 2 +- common/library.c | 10 ++++++---- configure.ac | 7 ++++++- 3 files changed, 13 insertions(+), 6 deletions(-) commit 6a8da20c0432499480731548256294844cade631 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-10 build: Don't install systemd unit files when "make distcheck" Makefile.am | 1 + 1 file changed, 1 insertion(+) commit ef001069d069df43de029f3b84206676badd8a4e Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-10 Release 0.23.13 NEWS | 7 +++++++ configure.ac | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) commit ce3cec7f8742254b8627b9db48973b81e91cbfc8 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-09 common: Prefer __register_atfork() to pthread_atfork() if possible common/library.c | 19 ++++++++++++++++++- configure.ac | 2 ++ 2 files changed, 20 insertions(+), 1 deletion(-) commit 50f8906e63c9413a7687bab6608496d83c29a222 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-07-13 build: Stop linking the library with libpthread when possible configure.ac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit ebfd7da82d7b9eea81067479861aac2d2c07cc29 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-07-20 common: Use thread-local storage class when possible This eliminates the unconditional use of pthread_{get,set}specific() and pthread_key_{create,delete}(), which glibc doesn't provide the stubs. common/library.c | 22 ++++++++++++++++++++++ configure.ac | 12 ++++++++++++ 2 files changed, 34 insertions(+) commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-07-20 build: Explicitly link threaded test programs to libpthread Some test programs use pthread_create(), which glibc doesn't provide the stub. Link those programs with -lpthread. configure.ac | 10 ++++++++++ p11-kit/Makefile.am | 8 ++++---- 2 files changed, 14 insertions(+), 4 deletions(-) commit f04c2a84ad2a017a778fa2f23719318acb9ca89f Author: Daiki Ueno <dueno@redhat.com> Date: 2018-07-20 common, p11-kit, trust: Use pthread_once only when necessary If the ELF constructor is usable, we don't really need the once-init function because it is guaranteed that the code runs only once in the constructor. common/library.c | 4 +++- common/library.h | 10 ++++++++++ p11-kit/client-init.c | 2 +- p11-kit/proxy-init.c | 2 +- trust/module.c | 2 +- 5 files changed, 16 insertions(+), 4 deletions(-) commit 5b18e77e9dbb6a598812427ba07ad6df63eb7a67 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-07-20 common: Use static mutex initializer when possible This eliminates the use of pthread_mutexattr_* functions, which glibc doesn't provide the stubs. common/compat.c | 4 +++- common/compat.h | 18 +++++++++++++++++- common/library.c | 14 ++++++++++---- 3 files changed, 30 insertions(+), 6 deletions(-) commit 22cb49b9105657cafb98624be37f05b169f73dd6 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-08-01 server: Avoid FD leak in error cases Spotted by coverity. p11-kit/server.c | 3 +++ 1 file changed, 3 insertions(+) commit 19aaf573580e52265f57f9b7af7a03bfdfaf71e0 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-07-19 trust: Clarify C_Login behavior that returns an error trust/module.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit ab27346ceb5d4e856671a033ac1f6521c86514a1 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-07-10 proxy: Fail early if there is no slot mappings p11-kit/proxy.c | 2 ++ p11-kit/test-proxy.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) commit fb5742cdecfde1c13d9ce610cdec050792cc57ca Author: Daiki Ueno <dueno@redhat.com> Date: 2018-07-09 travis: Install pip for coveralls .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b6d20ac16da7128089031248eed4afe08f6934d3 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-06-27 rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules This patch removes the restriction of p11_kit_remote_serve_tokens() that were not capable of serving tokens across multiple modules. p11-kit/Makefile.am | 5 +- p11-kit/remote.h | 2 +- p11-kit/rpc-server.c | 209 ++++++++++++++++++++++++++++++++++---------------- p11-kit/test-server.c | 83 +++++++++++++++----- 4 files changed, 210 insertions(+), 89 deletions(-) commit 9d2ce267e6714c6a565a9ded3aa0001918d1ae1d Author: Daiki Ueno <dueno@redhat.com> Date: 2018-06-27 build: Use separate p11-kit-{remote,server} executable for testing Otherwise, the p11-kit-remote program called from p11-kit-server would load the system modules instead of the local fixtures. .gitignore | 2 ++ p11-kit/Makefile.am | 26 ++++++++++++++++++++++++++ p11-kit/server.c | 2 +- p11-kit/test-server.c | 4 ++-- 4 files changed, 31 insertions(+), 3 deletions(-) commit 8d8bff0a2edf4659b641dde1333eb6a7c695671c Author: Daiki Ueno <dueno@redhat.com> Date: 2018-06-25 proxy: Allow proxy to be created from the library Previously, to aggregate multiple modules into one, there was no other way than loading the proxy module. From the p11-kit applications, however, it is not possible to load that module because of the recursive loading check (p11_proxy_module_check). This patch adds another means to aggregate modules, through a library function p11_proxy_module_create. p11-kit/proxy.c | 40 +++++++++++++++++++++++++++++++++++++++- p11-kit/proxy.h | 3 +++ 2 files changed, 42 insertions(+), 1 deletion(-) commit a65696b3e79acb602bd0c000f8524d3cc8998187 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-06-25 proxy: Turn global variables module local p11-kit/proxy.c | 35 ++++++++++++++--------------------- 1 file changed, 14 insertions(+), 21 deletions(-) commit c53888a802eed4baa4aff54060334d2fdbfc7648 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-07-13 build: Make reallocarray detection robuster On NetBSD, reallocarray is not declared until _OPENBSD_SOURCE is defined. Reported by Patrick Welche in: https://lists.freedesktop.org/archives/p11-glue/2018-July/000691.html common/compat.h | 2 +- configure.ac | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit 53a7e915b2694bc1957d98493a7aee9abfa3c6c5 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-06-20 server: Enable socket activation through systemd This enables socket activation of "p11-kit server" through systemd. The feature provided is essentially the same as commit a4fb2bb5 (reverted), but implemented with "p11-kit server" and libsystemd API instead of wrapping "p11-kit remote" in the unit file. Note that, while it exposes all tokens through the socket, it doesn't increase attack surface beyond the PKCS#11 binary interface provided by p11-kit-proxy.so, because the service is per-user. .gitignore | 2 +- configure.ac | 23 +++++++++++++++++++++++ p11-kit/Makefile.am | 22 ++++++++++++++++++++++ p11-kit/p11-kit-server.service.in | 15 +++++++++++++++ p11-kit/p11-kit-server.socket | 11 +++++++++++ p11-kit/server.c | 33 ++++++++++++++++++++++++--------- 6 files changed, 96 insertions(+), 10 deletions(-) commit d4a4039f97b2e1f67d09d7cd8c05fb2dd129b23c Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-31 build: Ease issetugid() check when cross-compiling When cross-compiling, the configure check for issetugid() aborts, because of the pessimistic default of AC_RUN_IFELSE. This patch provides the non-pessimistic default to AC_RUN_IFELSE and wrap the macro invocation with AC_CACHE_CHECK so that the user can override the check by setting ac_cv_issetugid_openbsd=yes, as suggested in: https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/html_node/Runtime.html#Runtime configure.ac | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) commit 3dd5810143e51dabdc58069e55b09a950349fa08 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-28 Release 0.23.12 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit f696eddecaa1f1cd1687ab5dbb942128aaca1903 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-29 travis: Add build scripts for macOS .travis.yml | 1 + .travis/osx/after_failure.sh | 3 +++ .travis/osx/before_install.sh | 5 +++++ .travis/osx/script.sh | 6 ++++++ 4 files changed, 15 insertions(+) commit a21898570d3e713155f0d8048bc6350f069f58ff Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-29 travis: Use matrix .travis.yml | 84 +++++++++++++++++++++-------------------- .travis/linux/after_failure.sh | 3 ++ .travis/linux/after_success.sh | 9 +++++ .travis/linux/before_install.sh | 9 +++++ .travis/linux/install.sh | 14 +++++++ .travis/linux/script.sh | 11 ++++++ 6 files changed, 90 insertions(+), 40 deletions(-) commit 35637892e517d0e8e08dbe214f638317499ea0f5 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-29 test: Avoid unnecessary memory allocation common/test-runtime.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit ccb0c207964189742e97acfd817fb3c6b99e5865 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-29 common: Fix runtime directory detection when given prefix is long common/runtime.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 71b62aa1cdbdec3724c8e451f621309994dc59a0 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-29 common: Don't rely on issetugid() when it is broken On macOS and FreeBSD, issetugid() has different semantics from the original OpenBSD implementation and cannot reliably detect if the process made setuid/setgid: https://gist.github.com/nicowilliams/4daf74a3a0c86848d3cbd9d0cdb5e26e This should fix: https://bugs.freedesktop.org/show_bug.cgi?id=67451 https://bugs.freedesktop.org/show_bug.cgi?id=100287 common/compat.c | 2 +- configure.ac | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) commit 79f928492dba6a46c63e77d6b22c17c23e66403b Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-28 build: Don't use locale funcs if locale_t is not defined in locale.h On macOS, locale_t is not defined in <locale.h>. Although it is defined in <xlocale.h>, we rather not use locales at all for POSIX compliance. common/compat.h | 6 ++++++ common/debug.c | 4 ++-- common/library.c | 6 +++--- common/message.c | 4 ++-- common/test-message.c | 6 +++--- configure.ac | 11 ++++++++--- 6 files changed, 24 insertions(+), 13 deletions(-) commit cd0a2de679a81829b7323bc5db46222b9eaab1d9 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-28 pkcs11: Exercise GNU calling convention at compile time .gitignore | 1 + p11-kit/Makefile.am | 32 ++++++++++++++++++++++++++++++++ p11-kit/iter.h | 10 ++++++++++ p11-kit/uri.h | 4 ++++ 4 files changed, 47 insertions(+) commit e4c5d3b34941bdc433072a492a0a7fdbddba0cc2 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-25 build: Simplify README inclusion Use symlink in the repository, instead of copying. .gitignore | 1 - Makefile.am | 7 +------ README | 1 + 3 files changed, 2 insertions(+), 7 deletions(-) commit 65dd5469ad164465583167c63114478587db59fd Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-24 NEWS: Mention latest changes NEWS | 2 ++ 1 file changed, 2 insertions(+) commit 8b90031aeb495116a87851dca50845b8df0d1e90 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-25 build: Delay building mock-six.la until "make check" p11-kit/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8df105871eb5f6bca3e5f4dcf165f2bbf920f106 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-24 build: Include README in the distribution As we removed README from the repository, it is no longer automatically picked up for the distribution by Automake. Makefile.am | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 275eed62b5d0e17c092b66af233ffc5b2f45245b Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-24 build: Fix ChangeLog generation Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bf204ada4685415287b3d03b3d79634c86739b83 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-24 build: Remove obsolete upload rules Makefile.am | 15 --------------- 1 file changed, 15 deletions(-) commit e2002df5707dd306cea0684706361be72891231b Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-24 build: Include p11-kit/test-messages.sh in distribution p11-kit/Makefile.am | 1 + 1 file changed, 1 insertion(+) commit 258da75cd606a3653bc414a6ace01c8bfdfabca6 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-24 uri: Make scheme comparison case-insensitive RFC 3986 suggests that implementations should accept uppercase letters as equivalent to lowercase in scheme names. p11-kit/test-uri.c | 21 +++++++++++++++++++++ p11-kit/uri.c | 12 +++++++++--- 2 files changed, 30 insertions(+), 3 deletions(-) commit 117b35db99af4331daad4279eadfb9280e0c1325 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-24 common: Make case conversion locale independent The tolower()/toupper() functions take into account of the current locale settings, which p11-kit doesn't want. Add replacement functions that work as if they are called under the C locale. common/compat.c | 16 ++++++++++++++++ common/compat.h | 3 +++ common/mock.c | 4 ++-- common/url.c | 4 ++-- trust/extract-jks.c | 2 +- trust/extract-openssl.c | 2 +- 6 files changed, 25 insertions(+), 6 deletions(-) commit e42dcf5283a5537c196147c9a2468ee537b9da7b Author: Nathaniel McCallum <npmccallum@redhat.com> Date: 2018-05-14 Improve const correctness for P11KitUri This does not improve const for the getters. The reason for this is that they are usually passed into the PKCS#11 APIs directly and these APIs are not const correct. Trying to force const correctnesss here would result in pain for library consumers. This is an API and ABI compatible change. p11-kit/private.h | 12 ++++++------ p11-kit/uri.c | 34 +++++++++++++++++----------------- p11-kit/uri.h | 36 ++++++++++++++++++------------------ 3 files changed, 41 insertions(+), 41 deletions(-) commit 6af8234936f805a9c6dceb29a84e73d40ed4b257 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2018-05-18 README: replace by README.md That is, use README.md as primary source to generate README as README is required by the GNU guidelines. We don't try to convert to "real" plain text as markdown is readable, and to avoid introducing another dependency (e.g., pandoc). Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> .gitignore | 1 + Makefile.am | 1 + README | 8 -------- 3 files changed, 2 insertions(+), 8 deletions(-) commit 58c3eb9acf5885069652f1b02edb7aca01580b96 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2018-05-18 NEWS: mark the 0.23 series as stable Resolves #80 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> NEWS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 14610d49c4e6c68022be63df1481f74ccb0aa75a Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2018-05-18 README.md: added reference to Daiki's key Resolves #153 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> README.md | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) commit f272dd4a1c68125c8f696b1e0eebb15c45c6923a Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-07 Release 0.23.11 NEWS | 8 ++++++++ configure.ac | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) commit 5f68c96da949b08e2afd109d276d80e42cab68b7 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-07 common: Pacify clang-analyzer common/buffer.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 98fbfc3b6126c809eb44c700871facca6ac7727d Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-07 trust: Avoid array overflow trust/builder.c | 4 ++-- trust/extract-openssl.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit 34ab20cbf79ca50972bf3088c8b6e9978ff0dc2b Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-07 trust: Don't null terminate PKCS #11 string fields trust/module.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit ba006ed40cad2e0d1fe3c3355c18bdfb612c2cd6 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-07 proxy: Don't null terminate PKCS #11 string fields p11-kit/proxy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1b85c62af8146efa0e648a297179db2bbfe59b43 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-05-03 test: Avoid exceeding maximum pathname length of Unix socket p11-kit/test-server.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit a625dfa4f2456b1a866489e5be15fb46578237a5 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-04-27 library: Use dedicated locale object for printing error common/debug.c | 14 +++++++------- common/library.c | 13 +++++++++++++ common/message.c | 14 +++++++------- common/test-message.c | 15 +++++++++++++++ configure.ac | 2 +- 5 files changed, 43 insertions(+), 15 deletions(-) commit 6202903b261dfae740af3f8e985244bab48470ba Author: Daiki Ueno <dueno@redhat.com> Date: 2018-04-27 Revert "build: Check strerror_l() and uselocale() seperately" This reverts commit 173ad93cc54057886b2055f3d73ea64a047127d1. We should rather use newlocale() when per-thread locale is not set. Otherwise uselocale() could return LC_GLOBAL_LOCALE on some platforms (e.g. musl-libc) and calling strerror_l() with it leads to an undefined behavior. common/debug.c | 9 ++------- common/message.c | 9 ++------- configure.ac | 2 +- 3 files changed, 5 insertions(+), 15 deletions(-) commit 173ad93cc54057886b2055f3d73ea64a047127d1 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-04-19 build: Check strerror_l() and uselocale() seperately NetBSD deliberately doesn't support per-thread locale and our thread-safe replacement of strerror() using strerror_l() cannot be used. Fallback to strerror_r() in that case. common/debug.c | 9 +++++++-- common/message.c | 9 +++++++-- configure.ac | 2 +- 3 files changed, 15 insertions(+), 5 deletions(-) commit a95c7a3e936896349bf925ca7cd47f0a03166249 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-04-10 travis: Optimize dnf install invocation .travis.yml | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) commit e4b86e449a83428592e45db28834be950e837d74 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-04-10 test: Add installcheck script to test trust module Currently it only checks that "disable-in: p11-kit-proxy" properly prevents the trust module being loaded by the proxy module. trust/Makefile.am | 4 +++- trust/test-trust.sh | 21 +++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) commit 5d97643884879d4967d21cb29c9917271a4b65db Author: Daiki Ueno <dueno@redhat.com> Date: 2018-04-10 trust: Prevent trust module being loaded by proxy module Otherwise, when the proxy module were registerd in NSS database, the trust module would be loaded twice and degrade search performance. trust/p11-kit-trust.module | 3 +++ 1 file changed, 3 insertions(+) commit af71f7961370714112f258c0e404d96bdef9cee9 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-04-10 travis: Run "make installcheck" .travis.yml | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) commit cbef7f5d8a14d46ecdf0c25c3d38d26598a66f8c Author: Daiki Ueno <dueno@redhat.com> Date: 2018-04-10 trust: Fix memleak in p11_enumerate_opt_filter p11_kit_iter_add_filter() takes the ownership of given attributes. Spotted by address sanitizer. trust/enumerate.c | 1 + 1 file changed, 1 insertion(+) commit e4a5466e5e3cfe22344e79c6e1a0ad9a7945a602 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-04-10 test: Factor out common harness from test-extract.in .gitignore | 2 +- configure.ac | 2 +- trust/Makefile.am | 7 +- trust/{test-extract.in => test-extract.sh} | 92 +------------------------ trust/test-init.sh.in | 106 +++++++++++++++++++++++++++++ 5 files changed, 114 insertions(+), 95 deletions(-) commit dcb6ee3fa89e0c9586e2b09e1f60aa076f263123 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-03-31 test: Add test for JKS extractor Piggybacking commit de963b96, this adds a multi-cert test case for the Java keystore extractor. trust/Makefile.am | 5 ++ trust/extract-jks.c | 7 +- trust/fixtures/multiple.jks | Bin 0 -> 2556 bytes trust/test-jks.c | 213 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 224 insertions(+), 1 deletion(-) commit af6ab322b1ad9a4f4a0117a79bd566550ec0a0a8 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-04-05 test: Add test for p11_attrs_purge() common/test-attrs.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) commit 843fca9b67b7407a47bcae698f434c975a4a4e91 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-04-05 mock-module-ep: Properly override C_GetFunctionList p11-kit/mock-module-ep.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a6d0e490209638605b17b0bdc66ad03d36909dae Author: Daiki Ueno <dueno@redhat.com> Date: 2018-04-05 modules: Add option to control module visibility from proxy This enables to control whether a module will be loaded from the proxy module. The configuration reuses the "enable-in" and "disable-in" options, with a special literal "p11-kit-proxy" as the value. doc/manual/pkcs11.conf.xml | 2 ++ p11-kit/modules.c | 35 ++++++++++++++----- p11-kit/p11-kit.h | 1 + p11-kit/private.h | 5 +++ p11-kit/proxy.c | 2 +- p11-kit/test-proxy.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 118 insertions(+), 10 deletions(-) commit de963b96929b9da61916a0c43b4ac4c34a39e238 Author: Laszlo Ersek <lersek@redhat.com> Date: 2018-03-29 trust: add unit test for the "edk2-cacerts" extractor Add a multi-cert test case for the edk2 extractor, heavily based on the "/openssl/test_file_multiple" test case. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com> trust/Makefile.am | 5 ++ trust/fixtures/multiple.edk2 | Bin 0 -> 2549 bytes trust/test-edk2.c | 209 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 214 insertions(+) commit ee27f9153a14d0c6d75f8745a8c1879a6e4bb2e8 Author: Laszlo Ersek <lersek@redhat.com> Date: 2018-03-27 trust: implement the "edk2-cacerts" extractor Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST format that is - defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID), - and expected by edk2's HttpDxe when it configures the certificate list for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c"). The intended command line is p11-kit extract \ --format=edk2-cacerts \ --filter=ca-anchors \ --overwrite \ --purpose=server-auth \ $DEST/edk2/cacerts.bin Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com> trust/extract-edk2.c | 169 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 168 insertions(+), 1 deletion(-) commit 59054e4f9fe3e95f8db881973901ab59a0b1ef8a Author: Laszlo Ersek <lersek@redhat.com> Date: 2018-03-27 trust: introduce the "edk2-cacerts" extractor skeleton Introduce the p11_extract_edk2_cacerts() skeleton. At the moment it always fails, silently. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com> trust/Makefile.am | 1 + trust/extract-edk2.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ trust/extract.c | 4 +++- trust/extract.h | 3 +++ 4 files changed, 51 insertions(+), 1 deletion(-) commit ba6ebb05fc0c8010d8510984ce3c5f908edf13b6 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-03-29 modules: Fix memleak in re-initialization case p11-kit/modules.c | 1 + 1 file changed, 1 insertion(+) commit 1ca877e3d3b1315ee9358f7e3c9096e10e14486e Author: Justin King-Lacroix <justinkl@google.com> Date: 2018-03-16 Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly In p11_kit_modules_initialize(), treat a return code of CKR_CRYPTOKI_ALREADY_INITIALIZED as identical to CKR_OK. p11-kit/modules.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 46901ab914e3f37e6e7287d47d9ab1281e3d64dc Author: Daiki Ueno <dueno@redhat.com> Date: 2018-03-29 travis: Disallow failure on mingw .travis.yml | 4 ---- 1 file changed, 4 deletions(-) commit 41301742772b411eb8b3e819c54b1eb5b9ca82dd Author: Daiki Ueno <dueno@redhat.com> Date: 2018-03-29 test: Add missing seven.module in Windows fixtures p11-kit/fixtures/system-modules/win32/seven.module | 4 ++++ 1 file changed, 4 insertions(+) commit a3478f097bff647892c18cbab1e6f5b8bd5a6614 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-03-29 travis: Use LOG_COMPILER to run tests under wine .travis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a711a578ba7a1775bdc20ea00fbbdb4f10f91d58 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-03-29 build: Enable make check with wine build/wine-wrapper.sh | 13 +++++++++++++ p11-kit/test-messages.sh | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) commit bfdd4372ff381ce234d357bb43636b86e6cc1e8f Author: Daiki Ueno <dueno@redhat.com> Date: 2018-03-29 common: Fix compilation of runtime.c under mingw common/runtime.c | 29 ++++++++++++++++++++--------- common/test-runtime.c | 14 +++++++++++++- 2 files changed, 33 insertions(+), 10 deletions(-) commit 7827e65abacc87018be035a3008a4bb89280a85a Author: Daiki Ueno <dueno@redhat.com> Date: 2018-03-27 test: Add failing test for CKR_CRYPTOKI_ALREADY_INITIALIZED p11-kit/Makefile.am | 7 ++- p11-kit/fixtures/system-modules/seven.module | 4 ++ p11-kit/mock-module-ep5.c | 80 ++++++++++++++++++++++++++++ p11-kit/test-modules.c | 25 +++++++++ 4 files changed, 115 insertions(+), 1 deletion(-) commit e454338dddef9089a3b9998cc8ba33e247ee9f26 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-03-07 test: Add test for error messages .travis.yml | 2 +- p11-kit/Makefile.am | 2 + p11-kit/test-messages.sh | 110 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 113 insertions(+), 1 deletion(-) commit 007023002811469ae3982a0cfcd9a73aed762ad1 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-03-28 test: Use _exit() in child process to immediately close open FDs p11-kit/test-proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 294c0efda49a623f47eb3c459bb5ed812ebc757c Author: Daiki Ueno <dueno@redhat.com> Date: 2018-03-28 test: Rewrite test-server.sh in TAP style p11-kit/test-server.sh | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) commit 1eb22867b1123601387b1fa06643077225bd7590 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-03-27 test: Take advantage of TAP test driver .gitignore | 1 + Makefile.am | 4 ++++ configure.ac | 1 + 3 files changed, 6 insertions(+) commit 9abfcd53e922f5c3841061e363e5ac88d92c2433 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-03-27 common: Add assert_skip() and assert_todo() common/test.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++++-------- common/test.h | 20 ++++++++++ 2 files changed, 126 insertions(+), 15 deletions(-) commit e8d569045c7d224e94836edd77856823aadf8267 Author: Andreas Metzler <ametzler@bebt.de> Date: 2018-02-27 test-server.sh: Fix bashism p11-kit/test-server.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit f6b7a992e442218a5afdbf8ae1697c53f3f03991 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-02-27 Release 0.23.10 NEWS | 12 ++++++++++++ configure.ac | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) commit 39eb7a3dd16233b16fb1e50fe30d55f5f86fbaa5 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-02-27 maint: Point to the new URLs HACKING | 6 +++--- configure.ac | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) commit d2318ca31774d6a02eff5d0b3af2f3c89cb58c9d Author: Daiki Ueno <dueno@redhat.com> Date: 2018-02-27 test-server: Add test for detecting address p11-kit/test-server.c | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) commit 264ecf416d6d07c558d80031c077a46a909a6f90 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-02-27 test-server: Fix compilation error on FreeBSD p11-kit/test-server.c | 1 + 1 file changed, 1 insertion(+) commit 44c67d90b0448888c784e661b5967204f5b0d47d Author: Daiki Ueno <dueno@redhat.com> Date: 2018-02-27 common, client: Move runtime directory detection to libp11-common common/Makefile.am | 5 ++ common/runtime.c | 111 ++++++++++++++++++++++++++++++++++++++++++ common/runtime.h | 42 ++++++++++++++++ common/test-runtime.c | 132 ++++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/client.c | 67 +------------------------ 5 files changed, 292 insertions(+), 65 deletions(-) commit d8acebf175d727a3e146956fb362c30e7fdec9df Author: Daiki Ueno <dueno@redhat.com> Date: 2018-02-27 common: Make p11_test_directory_delete() work recursively common/test.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit bcf2c4e0a24303f976dbedc0ef0a564b9808a989 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-02-27 test: Improve temporary directory handling p11-kit/test-transport.c | 6 ++++-- trust/test-module.c | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) commit fb8bf5a5f82e5b4f0afe72e247255f37fc0dedc8 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-02-05 p11_kit_remote_serve_tokens: Read "write-protected" setting from URI p11-kit/rpc-server.c | 12 ++++++++++++ p11-kit/test-server.c | 30 ++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) commit a0984024470218295d74bed364c37862d4c61d60 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-02-05 filter: Respect CKF_WRITE_PROTECTED setting when allowing a token p11-kit/filter.c | 48 ++++++++++++++++-------- p11-kit/test-filter.c | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 134 insertions(+), 16 deletions(-) commit d3a1498ef9b8a626bbd864a6c90e45a6278a0e75 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-02-26 test: Add test for client-server interaction The test spawns a process running the server command and connects to it through p11-kit-client.so. It's is a bit tricky that the child process requires to preload libasan.so when ASan is in in effect, to properly load a mock module. .travis.yml | 10 ++- build/lsan.supp | 3 + p11-kit/Makefile.am | 4 + p11-kit/test-server.c | 199 ++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 213 insertions(+), 3 deletions(-) commit f73868b710d4463cc0cff6f8ea2f3a171f86c8e2 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-02-26 server: Print envvars even when running in foreground p11-kit/server.c | 61 ++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 39 insertions(+), 22 deletions(-) commit adc760e5ce90d49f7c6183c689f95868341f6fb7 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-02-26 test-transport: Make sure to initialize addrlen given to accept p11-kit/test-transport.c | 1 + 1 file changed, 1 insertion(+) commit 47297f9785a21af1bb79450bad549aa8bd33a24c Author: Daiki Ueno <dueno@redhat.com> Date: 2018-02-26 client: Fix memleaks in the module p11-kit/client.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit 7a018706b54e09f1cc7ce8c6d1ceaecf28b7308b Author: Daiki Ueno <dueno@redhat.com> Date: 2018-02-26 test: Fix unconditional jump in test-proxy.c p11-kit/test-proxy.c | 1 + 1 file changed, 1 insertion(+) commit 975f2ccf5dcde210e1da5557eda627c42763e322 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-02-16 doc: Replace links to freedesktop.org to github pages doc/manual/p11-kit-devel.xml | 8 ++++---- doc/manual/p11-kit.xml | 4 ++-- doc/manual/pkcs11.conf.xml | 2 +- doc/manual/trust.xml | 6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) commit 9616790b9ad4147acd5b11de11d6d79bc9ad807f Author: Daiki Ueno <dueno@redhat.com> Date: 2018-01-19 trust: Forcibly mark "Default Trust" read-only The "Default Trust" token is typically mounted as $datadir, which is considered as read-only on modern OSes. Suggestd by Kai Engert in: https://bugzilla.redhat.com/show_bug.cgi?id=1523630 trust/Makefile.am | 6 ++++- trust/frob-token.c | 2 +- trust/module.c | 12 ++++++---- trust/test-module.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++-- trust/test-token.c | 10 ++++---- trust/token.c | 9 ++++++- trust/token.h | 8 ++++++- 7 files changed, 101 insertions(+), 15 deletions(-) commit 49d2ededb64197702a8708cb4a453497bc7eaecd Author: Daiki Ueno <dueno@redhat.com> Date: 2018-01-31 po: Update translations from transifex po/LINGUAS | 8 +- po/ast.po | 342 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ca.po | 171 +++++++++++++++--------------- po/cs.po | 85 +++++++-------- po/da.po | 6 +- po/de.po | 6 +- po/el.po | 6 +- po/en_GB.po | 6 +- po/eo.po | 6 +- po/es.po | 12 +-- po/fi.po | 6 +- po/fr.po | 6 +- po/fur.po | 343 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/gl.po | 6 +- po/hr.po | 79 +++++++------- po/hu.po | 6 +- po/id.po | 6 +- po/it.po | 6 +- po/ja.po | 10 +- po/ka.po | 6 +- po/kk.po | 6 +- po/ko.po | 6 +- po/lv.po | 6 +- po/nl.po | 6 +- po/oc.po | 171 +++++++++++++++--------------- po/pa.po | 8 +- po/pl.po | 28 ++--- po/pt.po | 171 +++++++++++++++--------------- po/pt_BR.po | 6 +- po/ru.po | 6 +- po/sk.po | 6 +- po/sl.po | 6 +- po/sr.po | 6 +- po/sv.po | 6 +- po/tr.po | 6 +- po/uk.po | 6 +- po/zh_CN.po | 8 +- po/zh_TW.po | 6 +- 38 files changed, 1139 insertions(+), 447 deletions(-) commit f7387ddea8a5fe609f052a9a40691ebb3ae86372 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-01-31 build: Add more files to .gitignore .gitignore | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) commit bb2b064c9921e7bdcd7335ed3001a5e19512d3e1 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-01-31 travis: Exclude generated files from coverage .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3a88f2ed573a5bb04d2397c626f6bcf3b1a814da Author: Daiki Ueno <dueno@redhat.com> Date: 2018-01-31 build: Split out generated code from p11-kit/virtual.c .gitignore | 1 + Makefile.am | 2 + configure.ac | 13 ++++ p11-kit/Makefile.am | 34 +++++++++ p11-kit/virtual-fixed.h | 3 - p11-kit/virtual.c | 197 +----------------------------------------------- 6 files changed, 51 insertions(+), 199 deletions(-) commit 57697eda68a3343c2e54e5f8f3f4ce65a99383f5 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-01-31 trust: Filter out duplicate extensions The trust policy module keeps all the objects in the database, while PKIX doesn't allow multiple extensions identified by the same OID can be attached to a certificate. Add a check to C_FindObjects to exclude any duplicates and only return the first matching object. It would be better if the module rejects such duplicates when loading, but it would make startup slower. https://bugzilla.redhat.com/show_bug.cgi?id=1141241 trust/input/extensions.p11-kit | 23 +++++++++++++++++++++ trust/input/extensions.pem | 13 ++++++++++++ trust/module.c | 42 ++++++++++++++++++++++++++++++++++++--- trust/test-module.c | 45 +++++++++++++++++++++++++++++++++++++++++- trust/test-token.c | 2 +- 5 files changed, 120 insertions(+), 5 deletions(-) commit 14853b1d8466d4e3b5aa23ff14f2abacd4e7e8ef Author: Daiki Ueno <dueno@redhat.com> Date: 2018-01-25 build: Delay compilation of test-related stuff Makefile.am | 9 ++++++--- common/Makefile.am | 9 ++++++--- p11-kit/Makefile.am | 15 +++++++++------ trust/Makefile.am | 12 ++++++++---- 4 files changed, 29 insertions(+), 16 deletions(-) commit 05b67a36e2118b4485da7bd26ed3ba85efdeddb4 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-01-25 proxy: Remove dead code Since the libffi became optional (commit 9f632bed), the fallback code path in proxy.c has never taken. p11-kit/proxy.c | 708 -------------------------------------------------------- 1 file changed, 708 deletions(-) commit 3eed501fab5e2a2b19115f4840709c34e9b8ac55 Author: Daiki Ueno <dueno@redhat.com> Date: 2018-01-16 proxy: Reuse the existing slot ID mapping after fork While the proxy module reassigns slot IDs in C_Initialize(), some applications assume that valid slot IDs should never change across multiple calls to C_Initialize(). This patch mitigates this by preserving the slot IDs, if they are known to the proxy module. p11-kit/Makefile.am | 7 +++ p11-kit/fixtures/package-modules/six.module | 7 +++ p11-kit/mock-module-ep4.c | 69 +++++++++++++++++++++++++++++ p11-kit/proxy.c | 25 +++++++++-- p11-kit/test-proxy.c | 18 ++++++++ 5 files changed, 122 insertions(+), 4 deletions(-) commit 031d3c74c0ff5da8e9650da0615bbb8107ab1fde Author: Daiki Ueno <dueno@redhat.com> Date: 2018-01-17 server: Avoid null-dereference of timespec value on timeout Spotted by clang-analyzer. p11-kit/server.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 50b752e081e1ca8b674d05e8ddeaf04451065629 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2017-12-22 Added p11-kit remoting page in manual doc/manual/Makefile.am | 1 + doc/manual/p11-kit-docs.xml | 1 + doc/manual/p11-kit-remoting.xml | 253 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 255 insertions(+) commit 2c84475ca612c33351d9f311ef24b3b89a7c856c Author: Daiki Ueno <dueno@redhat.com> Date: 2017-11-29 build: Add README.md to display build status README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 3b137039f5c222dbc6688bd6c9aec01a6dbeeece Author: Daiki Ueno <dueno@redhat.com> Date: 2017-11-28 travis: Exclude test programs from coveralls .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1163e7e1cd3d8b5b42a1d2b463536a36fa0e77af Author: Daiki Ueno <dueno@redhat.com> Date: 2017-11-27 travis: Supply necessary envvars to container for coveralls .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fda7c32b5796be7cee6a457940110effcd80d7f9 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-11-15 travis: Use in-tree build for coverage The coverage tools (gcov, cpp-coveralls, etc) cannot detect source files if the project is built out-of-tree. Use the same directory for $srcdir and $builddir for the build with --enable-coverage. .travis.yml | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) commit b889dec9e3493efb72c9903bb4d6007ec00e1c89 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-10-02 test: Improve code coverage of filter.c p11-kit/test-filter.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) commit 64b96efca97479a67e2ac1fcbf1492fceab64ba8 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-10-02 travis: Use coveralls for measuring coverage .travis.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit d40d6ca27850a95c4c9df8b66f8a47d80bb1d18a Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> Date: 2017-10-30 p11_kit_override_system_files: introduced new function That allows overriding the default module and configuration locations, for use in test suites, etc. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> p11-kit/modules.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/p11-kit.h | 5 +++++ p11-kit/test-transport.c | 13 ++++++++----- 3 files changed, 59 insertions(+), 5 deletions(-) commit 7f919fc1fd8684000d456ead2e65b3fa19ac0adc Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> Date: 2017-10-30 p11_kit_modules_load*: enhanced documentation on flags Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> p11-kit/modules.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 29b8197e879dc8be8e356f57e6a3a501cdf657f9 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-10-06 build: Take advantage of parallel-tests .travis.yml | 5 ++++- Makefile.am | 1 + configure.ac | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) commit 96a3d3e6371785f846bc72c2a701a1eb67c89b77 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-10-06 server: Better shell integration This adds -k, -c, and -s options to the "p11-kit server" command, which allows you to terminate the server process, select which C-shell or Bourne shell command line is printed on startup, respectively. Makefile.am | 6 ++- p11-kit/Makefile.am | 5 ++ p11-kit/server.c | 122 +++++++++++++++++++++++++++++++++++++++++-------- p11-kit/test-server.sh | 39 ++++++++++++++++ 4 files changed, 152 insertions(+), 20 deletions(-) commit 031912fa844c4f3da327c8b2578d9d9ce2a6473e Author: Daiki Ueno <dueno@redhat.com> Date: 2017-10-05 server: Make it possible to eval envvar settings Previously, calling "eval $(p11-kit server)" from shell hung because the program didn't properly close stdout before forking. p11-kit/server.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit bda61680218a4ff5a9f05b5592bb282cbedfd936 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-10-02 Release 0.23.9 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit 00b829d50389c6a8dd25145355a8e6599a7c378a Author: Daiki Ueno <dueno@redhat.com> Date: 2017-08-18 trust: Respect anyExtendedKeyUsage in CA certificates trust/enumerate.c | 5 +++++ trust/oid.h | 9 +++++++++ trust/test-enumerate.c | 31 +++++++++++++++++++++++++++++++ 3 files changed, 45 insertions(+) commit f51ab92f5f81bd08bcf9bd3b0afc545684a6ea7e Author: Daiki Ueno <dueno@redhat.com> Date: 2017-09-27 rpc: Fix crash when retrieving attribute length It is possible that NULL is given to the serializers, when C_GetAttributeValue() just wants to know the size of an attribute. Previously, this resulted in giving NULL to memcpy(). p11-kit/rpc-message.c | 10 ++++++---- p11-kit/test-rpc.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 4 deletions(-) commit dcd932786c970fc50922ec4f19786b177481570a Author: Daiki Ueno <dueno@redhat.com> Date: 2017-09-26 server: Make it work only when token URI is provided Previously, when "p11-kit server" started only with a token URI, it couldn't properly find and initialize the module which provides the token. This was because of the wrong order of cleanup of the modules. p11-kit/rpc-server.c | 88 ++++++++++++++++++++++++---------------------------- 1 file changed, 41 insertions(+), 47 deletions(-) commit 26312a8774b5d113f6e7f904f7b6654449ab7b2e Author: Daiki Ueno <dueno@redhat.com> Date: 2017-08-18 common: Re-add placeholder definition of p11_debug This was mistakenly removed in commit efe6dc56c. Pointed by Lars Wendler in issue #97. common/debug.h | 4 ++++ 1 file changed, 4 insertions(+) commit 61acf20f26b07e2f3eb253cbfee4c473544df9a7 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-08-16 build: Include <stdint.h> for SIZE_MAX Fixes issue #95. common/compat.c | 1 + 1 file changed, 1 insertion(+) commit 32d6f9d2468ea2851d16ad0e1a2046dfd8cd7fa5 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-08-14 Release 0.23.8 NEWS | 7 +++++++ configure.ac | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) commit 6a137c035c2db373b9171cd7e0569edbe9700f9c Author: Daiki Ueno <dueno@redhat.com> Date: 2017-08-15 build: Include <stdint.h> for SIZE_MAX common/array.c | 1 + 1 file changed, 1 insertion(+) commit 5f0a948ebcf659a1f2c3d5fb30991ebdf73b5976 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-08-11 client: Fix order of cleanup In C_GetFunctionList, state->virt is wrapped with a destroyer function free(). Thus p11_rpc_transport_free must be called before p11_virtual_unwrap. p11-kit/client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 04da143dce2d430dcc14e8a45c31177a23d7e301 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-08-08 test: Add checks for duplicate vendor attributes p11-kit/test-uri.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 992b6000459b9eb5159cb6826b40d7cdb6c4c412 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-08-08 uri: Make vendor query attribute handling reliable Previously we used p11_dict to keep track of vendor query attributes. This had a couple of limitations: duplicate attributes are not allowed while they are actually allowed in RFC 7512, and the order of attributes is unpredictable. This patch switches to using an array instead of p11_dict and ensures that the attributes are sorted in alphabetical order. Fixes #88. p11-kit/uri.c | 104 ++++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 80 insertions(+), 24 deletions(-) commit c29f51ad8ef97a1fae356dd7660e41d81cde0d09 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-08-08 common: New p11_array_insert function common/array.c | 16 ++++++++++++++++ common/array.h | 4 ++++ 2 files changed, 20 insertions(+) commit a860db364521ca6e9046bbf60fbbb1ca2bc08711 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-08-08 common: Use reallocarray instead of realloc as appropriate reallocarray is a new POSIX function added in glibc 2.26, with built-in overflow checks. Take advantage of that function for internal array allocation. common/array.c | 9 ++++++--- common/attrs.c | 5 ++++- common/compat.c | 17 +++++++++++++++++ common/compat.h | 8 ++++++++ configure.ac | 1 + 5 files changed, 36 insertions(+), 4 deletions(-) commit 53402f9e5296718d22ddf1a77658067c2751f068 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2017-08-01 pkcs11.h: updated information The scute project no longer exists, and the PKCS#11 standard is from OASIS group. common/pkcs11.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 2e5f24b195f11b88825ccdd97af4b8456a2c2a88 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2017-08-01 pkcs11.h: added OTP-related mechanisms common/pkcs11.h | 97 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) commit febad3a45082167a0b882e9b36dc4915d2e0e02c Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2017-08-01 pkcs11.h: added definitions of GOST CKA attributes common/pkcs11.h | 3 +++ 1 file changed, 3 insertions(+) commit 2915740f447d0c17f8bcf5fdf4eccd82f2d9fd50 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2017-07-31 pkcs11.h: added definitions of GOST mechanisms This follows the definitions in PKCS#11 v2.40: http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html common/pkcs11.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit db1c3cd7eade9ec30163c394b37a4048d2e359af Author: Daiki Ueno <dueno@redhat.com> Date: 2017-07-03 test: Fix failure on 32-bit big endian platform The value given to p11_rpc_buffer_add_ulong_value() must be a pointer of CK_ULONG. Similarly, the value returned from p11_rpc_buffer_get_ulong_value() must be converted to CK_ULONG before comparison. Reported by Andreas Metzler in: https://lists.freedesktop.org/archives/p11-glue/2017-July/000665.html p11-kit/test-rpc.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) commit bc1f7570968043ba732922f633c24474565d66c0 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-07-14 trust: Fix build error with -Werror=return-type trust/save.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bc2f4c69bd319313dab9d85a6f8d622501593b0a Author: Colin Walters <walters@verbum.org> Date: 2017-07-07 conf: Introduce P11_KIT_NO_USER_CONFIG Currently `ca-certificates.spec` in Fedora ends up doing in `%post`: ``` /usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt ``` etc. And due to this bit of code in p11-kit, we end up looking for the home directory for configuration. In this case, `/root`. It's categorically wrong to do this; the root user is distinct from "the system". This issue is equivalent to one I fixed in Pango: https://git.gnome.org/browse/pango/commit/?id=aecbe27c1b08f517c0e05f03308d3ac55cef490c Fast forward to today, and the reason I'm making this change is I'm working on `rpm-ostree ex container`, which builds containers as *non-root* (like gnome-continuous does, but now with RPMs), keeping the invoking uid. And this bug causes the `ca-certificates` `%post` to fail because it's trying to look for my uid 1000 which doesn't exist in the target rootfs' password database. Again, there's no reason to be looking for a home directory for system triggers, regadless of UID, so once this patch lands, I'll update `ca-certificates` to use it, and traditional RPM `%post` will stop looking in `/root` too. p11-kit/conf.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit 9dd50249b597109c5956a531e44d46dc344daea5 Author: Fabian Groffen <grobian@gentoo.org> Date: 2017-06-07 common: always use p11_dl_close wrapper Solaris doesn't like it when dlclose is referenced using a define, resulting in a linker error looking for a symbol version. Simply calling the function in a normal way (instead of storing its address) solves this linking error. The error message seen by GNU ld is: dlclose: invalid version 7 (max 0) common/compat.c | 17 +++++++++++------ common/compat.h | 6 ++---- 2 files changed, 13 insertions(+), 10 deletions(-) commit 20b9df53cf07c0693257f5f01fa1ff945b4cae4a Author: Fabian Groffen <grobian@gentoo.org> Date: 2017-06-07 p11_get_upeer_id: implement case using ucred.h Solaris can retrieve this information via getpeerucred(). common/unix-peer.c | 19 +++++++++++++++++++ configure.ac | 3 ++- 2 files changed, 21 insertions(+), 1 deletion(-) commit ca9648c7c1cd38e306d7b3194900e4120eb179a0 Author: Fabian Groffen <grobian@gentoo.org> Date: 2017-06-07 configure: pull in -lnsl -lsocket for socket functions Solaris has socket() etc. in these two libs. configure.ac | 7 +++++++ 1 file changed, 7 insertions(+) commit f992eb64e8cd2925a37ec09d0f5dbd00b5fbb234 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2017-06-23 Be silent by default and do not print messages on stderr As p11-kit is a library there are cases where it is not desirable to log on stderr by default. See for example this report https://bugzilla.redhat.com/show_bug.cgi?id=1464490 where wget prints an error due to an unconfigured pkcs11 module. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> common/message.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit af2050a585ee3f242230f69de22b643f6ad2200c Author: Daiki Ueno <dueno@redhat.com> Date: 2017-06-12 doc: Use correct PKCS#11 URI syntax doc/manual/trust.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b309aea5174d6d3af569c2c54632a35825734579 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-06-09 build: Allow use of _GNU_SOURCE This reverts commit 6b457ffc, which forbids the use of GNU extension for the incompatibility of strerror_r. However, now that strerror_l is used instead on glibc systems, it has no point to do that. common/compat.h | 4 ---- common/unix-peer.c | 5 ----- configure.ac | 3 +++ 3 files changed, 3 insertions(+), 9 deletions(-) commit efe6dc56c3951c301dda1b548d4cbcd02e074462 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-06-12 debug: Add p11_debug_err to prevent use of strerror common/debug.c | 35 +++++++++++++++++++++++++++++++++++ common/debug.h | 15 +++++++++++++-- p11-kit/rpc-transport.c | 2 +- 3 files changed, 49 insertions(+), 3 deletions(-) commit bf3c1a9d8e4ace4c3a92b4af56e4b62657907522 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-06-09 compat: Prefer strerror_l to strerror_r strerror_r is being obsolete in the next POSIX specification: http://austingroupbugs.net/view.php?id=655 common/message.c | 15 ++++++++++++++- configure.ac | 4 ++-- 2 files changed, 16 insertions(+), 3 deletions(-) commit bf168f00e64a0291f5a718eb451915768659c160 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-29 Release 0.23.7 NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit fe1faa9d814a180d432e4ee97fa5b097cfb2d294 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-29 trust: Suppress dead-assignment warnings from clang-analyzer trust/digest.c | 1 + trust/extract-openssl.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) commit b7ba8c625637f3a161cafd81c4a8a30b1f3971b3 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-29 rpc: Avoid use-after-free when creating socket base directory Spotted by clang-analyzer. p11-kit/server.c | 1 - 1 file changed, 1 deletion(-) commit a2a2108fce9a5cebaee17f29bda8d9edf6a0fbc8 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-29 rpc: Avoid calling memcmp() on NULL buffer Spotted by clang-analyzer. p11-kit/rpc-message.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 3e65d8a23b1f0e1a4d132cf04fdbc9d588cbe02f Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-29 proxy: Don't call realloc() with size 0 Spotted by clang-analyzer. p11-kit/proxy.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit 350bd148d3181c564eeb884dadc37aaed7d3fb9b Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-29 build: Delay building test programs until "make check" This is to disable clang-analyzer against test programs, which can contain several false-positives. Makefile.am | 7 +++---- common/Makefile.am | 2 +- p11-kit/Makefile.am | 4 ++-- trust/Makefile.am | 2 +- 4 files changed, 7 insertions(+), 8 deletions(-) commit 6738ade89f10516b589441282e95d5f13f6c1bdd Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-29 travis: Enable clang-analyzer .travis.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit cd64b9a7cb4b9f0030d17917370f50753671b93a Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-29 server: Avoid use-after-free Reported by Mantas Mikulėnas in: https://bugs.freedesktop.org/show_bug.cgi?id=101212 p11-kit/server.c | 1 - 1 file changed, 1 deletion(-) commit 9cbf590b468f9596284c5bc34be8add09f3f5bee Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-26 Release 0.23.6 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 80e3ce9eff5094c2c40905e2cb8b86c4aaf2329b Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-26 test: Check the size of unsigned long configure.ac | 2 ++ p11-kit/test-rpc.c | 18 +++++++++--------- 2 files changed, 11 insertions(+), 9 deletions(-) commit 4de8f7a9c4f8010069402ce943e5d777cd1f3c28 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-26 rpc: Load advapi32.dll on the fly p11-kit/Makefile.am | 7 ----- p11-kit/server.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 91 insertions(+), 7 deletions(-) commit 95b67e71e19a8415808b5ddf14f253561f11466f Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-26 remote: Remove unnecessary declaration p11-kit/remote.h | 4 ---- 1 file changed, 4 deletions(-) commit 036c8fc6492b13eacca7433ca44b91b83abeb961 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-26 doc: Clarify p11-kit server documentation doc/manual/p11-kit.xml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit dd673f20e1ab4916f7565fe055b09433aa88a9b0 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-03-09 server: Port to Windows Instead of a Unix domain socket on Unix, use a named pipe on Windows. p11-kit/Makefile.am | 9 +- p11-kit/server.c | 541 ++++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 511 insertions(+), 39 deletions(-) commit da7f0d65355089f4919bcdffca98bd833258db04 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-03-10 rpc: New p11_kit_remote_serve_tokens function doc/manual/p11-kit-sections.txt | 1 + p11-kit/remote.c | 118 +++++++++++++-------------------- p11-kit/remote.h | 14 ++++ p11-kit/rpc-server.c | 142 ++++++++++++++++++++++++++++++++++++++++ p11-kit/server.c | 74 +++++++++++++-------- 5 files changed, 248 insertions(+), 101 deletions(-) commit 7310d92af3b0291ab627fcf3e07800cd5b2983c8 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-03-10 remote: Name command line options consistently p11-kit/remote.c | 4 +- p11-kit/server.c | 183 ++++++++++++++++++++++++++++++++++--------------------- 2 files changed, 116 insertions(+), 71 deletions(-) commit dfe606d40c33a6213b89b310df0964392fd6d64d Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-23 rpc: Convert mechanism parameters for portability This is similar to commit ba49b85e, but for mechanism parameters. p11-kit/rpc-client.c | 153 +--------------------- p11-kit/rpc-message.c | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/rpc-message.h | 31 +++++ p11-kit/rpc-server.c | 33 +++-- p11-kit/test-rpc.c | 66 ++++++++++ 5 files changed, 467 insertions(+), 158 deletions(-) commit 3b484b87e13e52873ea48f920132ecd96cb79cbc Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-23 pkcs11: Define RSA-PSS mechanism parameter common/pkcs11.h | 11 +++++++++++ 1 file changed, 11 insertions(+) commit c11a951a24b91f80e109951b0fe2ce418ea70f17 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-23 pkcs11: Make CK_RSA_PKCS_OAEP_PARAMS useful common/pkcs11.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 9e4ea3ff80b736bddbca834eef7e7f61f4b15c23 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-23 rpc: Fix typo in encoding CK_DATE value p11-kit/rpc-message.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 41b07cdf4210b299dc6c92352475c7c095f6f915 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-23 rpc: Factor out attribute value serializer definitions p11-kit/rpc-message.c | 51 +++++++++++++++++++++++++-------------------------- 1 file changed, 25 insertions(+), 26 deletions(-) commit f6112aa79a251079aef344d77cbe172031db1e8b Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-24 rpc: Add a comment why we call _get_attribute() twice p11-kit/rpc-server.c | 1 + 1 file changed, 1 insertion(+) commit ba49b85ecf280e7fb6eec96c3ef33c50122e75a6 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-11 rpc: Convert attribute value for portability When using the RPC across multiple architectures, where data models are different, say LP64 vs ILP32, there can be unwanted truncation of attribute values. This patch converts the values into portable format for the known attributes. Co-authored-by: Nikos Mavrogiannopoulos <nmav@redhat.com> p11-kit/rpc-client.c | 63 +++---- p11-kit/rpc-message.c | 509 ++++++++++++++++++++++++++++++++++++++++++++++++-- p11-kit/rpc-message.h | 77 ++++++++ p11-kit/rpc-server.c | 35 ++-- p11-kit/test-rpc.c | 223 +++++++++++++++++++++- 5 files changed, 827 insertions(+), 80 deletions(-) commit 480337a68446033dc9374e9c4fe4d3cae9d4e972 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-22 rpc: Return early if call_id of request is ERROR Otherwise it will cause assertion failure in a few lines below. Spotted by amrican fuzzy lop. p11-kit/rpc-message.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8b64577c3bb4d5dd60e4939223550f2f2002284b Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-22 build: Add fuzzer using AFL build/fuzz/main.c | 44 ++++++++++++++++++++++++++++++++++++ build/fuzz/rpc.in/transcript | Bin 0 -> 146 bytes build/fuzz/rpc_fuzzer.c | 52 +++++++++++++++++++++++++++++++++++++++++++ build/fuzz/run-afl.sh | 46 ++++++++++++++++++++++++++++++++++++++ build/fuzz/transcript | Bin 0 -> 5694933 bytes 5 files changed, 142 insertions(+) commit 723dfeb3dd9b8426c4c1d6236f4b22354c122dae Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-18 trust: Simplify the check for the magic Instead of reusing the CKA_X_GENERATED attribute, check the file contents directly in the caller side. trust/parser.c | 7 +++---- trust/persist.c | 19 +++++++++++-------- trust/persist.h | 3 +++ 3 files changed, 17 insertions(+), 12 deletions(-) commit 66c6a7e912d39d66cd4cc91375ac7be418bf7176 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-18 trust: Check magic comment in persist file for modifiablity A persistent file written by the trust module starts with the line "# This file has been auto-generated and written by p11-kit". This can be used as a magic word to determine whether the objects read from a .p11-kit file are read-only. trust/parser.c | 6 +++++- trust/persist.c | 9 ++++++++- trust/test-token.c | 1 + 3 files changed, 14 insertions(+), 2 deletions(-) commit acf8c4a91a76bf8049f6bfbd95b04e2e36bae4ea Author: Daiki Ueno <dueno@redhat.com> Date: 2017-05-18 Revert "trust: Honor "modifiable" setting in persist file" This reverts commit 8eed1e60b0921d05872e2f43eee9088cef038d7e, which broke "trust anchor --remove". trust/input/verisign-v1.p11-kit | 1 - trust/parser.c | 10 +--------- trust/test-parser.c | 1 - 3 files changed, 1 insertion(+), 11 deletions(-) commit 5a52fe4fa8dffdaf33cd024e1a4b18c8facb451c Author: Daiki Ueno <dueno@redhat.com> Date: 2017-03-09 remote: Fix typo when writing a credential byte out_fd is not always 1 when p11_kit_remote_serve_module() is used for writing a custom server. p11-kit/rpc-server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 13160c1f95758387dffc41345e20d89ff9b5a5c0 Author: Daniel Black <danielgb@au.ibm.com> Date: 2017-03-06 correct text for --user-config option configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 817a1c67c407850ab1756fdacb1c38e4bded5509 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-03-01 Release 0.23.5 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit a827b55fed09b72ffd0e176c6630cb7b591c6e04 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-28 build: Remove systemd unit files for now Given that the remote proxy service shall be only used by NetworkManager and not generally useful, revert commit a4fb2bb587fb1a0146cf97f039b671d3258488f9 for now. Once the necessary command that runs the proxy module is implemented in p11-kit, maybe NetworkManager itself could install those files. p11-kit/Makefile.am | 19 ------------------- p11-kit/p11-kit-remote.socket | 10 ---------- p11-kit/p11-kit-remote@.service.in | 10 ---------- 3 files changed, 39 deletions(-) commit 7053ace4ae5b3e2129e5a8ffe482420bfc14f894 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-24 systemd: Fix location of p11-kit-remote The p11-kit-remote executable is now located under $libexecdir, but we should use the p11-kit command to launch the subcommand. Makefile.am | 2 ++ configure.ac | 1 - p11-kit/Makefile.am | 8 ++++++++ p11-kit/p11-kit-remote@.service.in | 2 +- 4 files changed, 11 insertions(+), 2 deletions(-) commit 156b0c9249f6da54195d2a6a817ea92552e78bf8 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2017-02-27 fixed license in unix peer file common/unix-peer.c | 39 +++++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) commit b674c94029fd2012d8a5cba13a9e7b8dd097ac56 Author: Roman Bogorodskiy <bogorodskiy@gmail.com> Date: 2017-02-23 build: add missing includes for FreeBSD Include signal.h for kill(2) and SIGKILL on FreeBSD. p11-kit/test-transport.c | 1 + 1 file changed, 1 insertion(+) commit bc6fec4422ddc84541776b6f0cfca1542e28f350 Author: Roman Bogorodskiy <bogorodskiy@gmail.com> Date: 2017-02-23 build: check for getpeereid In common/unix-peer.c, we are checking if HAVE_GETPEEREID is defined, however, we never actually check if getpeereid() is available, so fix that by checking this function using AC_CHECK_FUNCS(). configure.ac | 1 + 1 file changed, 1 insertion(+) commit 54d9f0799e32796f8e762d8b58ecd4e3dd3fef82 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-17 Release 0.23.4 NEWS | 17 +++++++++++++++++ configure.ac | 6 +++--- 2 files changed, 20 insertions(+), 3 deletions(-) commit 1e80b5858a90497879e1e3faee4c7f76d5cbd6f0 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-20 uri: Support vendor query attributes If an unknown attribute is present in the query part of the PKCS#11 URI, the parser treated it as unrecognized and subsequent matches failed. Instead, keep track of such attributes and provide a set of API to deal with them. doc/manual/p11-kit-sections.txt | 2 + p11-kit/test-uri.c | 40 ++++++++++++++++ p11-kit/uri.c | 100 +++++++++++++++++++++++++++++++++++++++- p11-kit/uri.h | 6 +++ 4 files changed, 146 insertions(+), 2 deletions(-) commit eb65a85a4abfbab489f271c9f074409ba46ce8f5 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-21 rpc: Make it less verbose about connection failure The connection failure here is not fatal. Use p11_debug() instead of p11_message(). p11-kit/rpc-transport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c65752d596e69f48ebe67694cfb2a91697a676bf Author: Mantas Mikulėnas <grawity@gmail.com> Date: 2017-02-20 rpc: Try $XDG_CACHE_HOME before ~/.cache This is unset on most systems, but might as well follow the Base Directory spec properly. p11-kit/client.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 8eed1e60b0921d05872e2f43eee9088cef038d7e Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-17 trust: Honor "modifiable" setting in persist file Previously, all objects read from p11-kit persist files are marked as modifiable when parsing, regardless of the explicit "modifiable: false" setting in the file. Reported by Kai Engert in: https://bugs.freedesktop.org/show_bug.cgi?id=99797 trust/input/verisign-v1.p11-kit | 1 + trust/parser.c | 10 +++++++++- trust/test-parser.c | 1 + 3 files changed, 11 insertions(+), 1 deletion(-) commit 0684cd7b7f815b411ea5041c021f92ca5ef42606 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-01-11 rpc: Add PKCS#11 module that connects to socket This patch adds a PKCS#11 module that connects to the p11-kit server exposed on the filesystem. The filename of the socket is determined in the following order: - $P11_KIT_SERVER_ADDRESS, if the envvar is available - $XDG_RUNTIME_DIR/p11-kit/pkcs11, if the envvar is available - /run/$(id -u)/p11-kit/pkcs11, if /run/$(id -u) exists - /var/run/$(id -u)/p11-kit/pkcs11, if /var/run/$(id -u) exists - ~/.cache/p11-kit/pkcs11. Note that the program loading this module may have called setuid() and secure_getenv() which we use for fetching envvars could return NULL. Makefile.am | 3 + doc/manual/Makefile.am | 1 + doc/manual/p11-kit.xml | 17 ++++ p11-kit/Makefile.am | 58 ++++++++++--- p11-kit/client-init.c | 109 +++++++++++++++++++++++++ p11-kit/client.c | 215 +++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/client.h | 41 ++++++++++ p11-kit/modules.c | 10 +++ p11-kit/proxy-init.c | 98 ++++++++++++++++++++++ p11-kit/remote.c | 2 +- p11-kit/util.c | 57 ------------- trust/Makefile.am | 3 +- 12 files changed, 543 insertions(+), 71 deletions(-) commit c28ff652e5d6c6ddff513716e22064e0e17a58d3 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-12-25 remote: Add API to serve a token doc/manual/p11-kit-sections.txt | 1 + p11-kit/remote.h | 5 +++++ p11-kit/rpc-server.c | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+) commit 426b693aa7fe2e9750abf8cb39f28251a4b54668 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-12-26 remote, server: Recognize PKCS#11 URI p11-kit/remote.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 69 insertions(+), 8 deletions(-) commit 4bac7e0e95712a4c7bfd03471c973f491ad81df4 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2016-08-24 p11-kit: Add 'p11-kit server' command This adds a new tool to the p11-kit command called 'server', which allows us to access a PKCS#11 module over a Unix domain socket. Internally, it is implemented as a wrapper around 'p11-kit remote'. Upon connection it executes 'p11-kit remote' in a forked process. configure.ac | 3 + p11-kit/Makefile.am | 14 ++ p11-kit/server.c | 578 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 595 insertions(+) commit f2742c72bc29444bcfe63425819506fa42073d64 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2016-08-24 common: New p11_get_upeer_id() function common/Makefile.am | 6 ++++ common/unix-peer.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ common/unix-peer.h | 42 +++++++++++++++++++++++++++ 3 files changed, 132 insertions(+) commit 89fa381ce5573a925b90da973cd8956937d79caa Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2016-08-24 rpc: New rpc_unix transport based on Unix socket p11-kit/rpc-transport.c | 89 +++++++++++++++++++++++++++++++++++ p11-kit/test-transport.c | 118 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 207 insertions(+) commit 3bab48000c4e61104b30ac379806cad3e1376ea6 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-01-25 common: Add path encoding functions This adds p11_path_{encode,decode}(), following the escaping rule described in: https://dbus.freedesktop.org/doc/dbus-specification.html#addresses Although they are merely a wrapper around p11_url_{decode,encode}(), having dedicated functions hides the implementation details. common/path.c | 33 +++++++++++++++++++++++++++++++++ common/path.h | 4 ++++ common/test-path.c | 22 ++++++++++++++++++++++ 3 files changed, 59 insertions(+) commit 5442b1cfa13da9307cc38a8fd289a67a05fe26ad Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-15 travis: Enable mingw64 cross build .travis.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) commit 98f02ef5ebf6966af4937dd2f730d808f13d8a1c Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-16 trust: Fix uninitialized value in anchor command trust/anchor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6dfa59954d882971e4516192f18319cbc75b5e4b Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-16 library: Initialize p11_virtual_mutex for Windows common/library.c | 2 ++ 1 file changed, 2 insertions(+) commit 8594841ed349818bb8cb43a57b734a7945427c64 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-16 test: Fix modules test for Windows Synchronize the fixture module to the non-Unix one and enable "/modules/test_filename". p11-kit/fixtures/system-modules/win32/one.module | 4 +++- p11-kit/test-modules.c | 4 +--- 2 files changed, 4 insertions(+), 4 deletions(-) commit 63b31ebfa1a978789cb31635fd95d00d7e398fa2 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-15 trust: Fix saving trust file on Windows trust/save.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) commit 99aabc614cce4e0a9751d9409546c34abc1fe2db Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-15 test: Fix Windows test case for p11_path_expand common/test-path.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b534f1801d82c565e38305b2ed73dd00dc165f65 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-15 rpc: Port exec transport to Windows On Windows, use _spawnv() to create a subprocess and two unidirectional pipe created with _pipe() to communicate with it. If we can assume WinSock, it might be simpler to use a socketpair() replacement from: https://github.com/ncm/selectable-socketpair. p11-kit/rpc-transport.c | 275 ++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 245 insertions(+), 30 deletions(-) commit 46e35810f8e9774bd5984b9fcb6d92450bf6ba0a Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-15 build: Adjust executable/module names for Windows Append EXEEXT or SHLEXT to the filename if needed. configure.ac | 2 ++ p11-kit/p11-kit.c | 7 ++++++- p11-kit/test-transport.c | 4 ++-- 3 files changed, 10 insertions(+), 3 deletions(-) commit 69293e9e894c9a3141f8d59e78a81b3fcf2beb28 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-01 build: Avoid undefined reference to rpc_exec_init p11-kit/rpc-transport.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 7b5ad15a68ab7fc0a0cb051f641120c6301694a7 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-01 build: Include <unistd.h> for execv trust/extract.c | 1 + 1 file changed, 1 insertion(+) commit b78bc9304b21da16312473b1f4dc0f8870fb8df9 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-01 build: Check *asprintf on all platforms configure.ac | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit b16500f93407aef72445b03c1ee96c6768917906 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-15 argv: Fix misinterpretation of backslash in quotes Don't append the backslash character twice to the output. It is interpolated a few lines below, if it is really required. common/Makefile.am | 4 ++ common/argv.c | 2 +- common/test-argv.c | 114 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 119 insertions(+), 1 deletion(-) commit 873d391fa5015e8c5c82457a0641ed5bb1e2b7e3 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-16 compat: Fix character generation in mk{s,d}temp() common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b8f1e4febe31f18bf63a3a9ad0e336ede82dd0f1 Author: Kai Engert <kaie@kuix.de> Date: 2017-02-02 Fix a typo in "x-cetrificate-value", see also https://bugs.freedesktop.org/show_bug.cgi?id=99600 common/constants.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dbadd5da6ccbb17ec5c4bbb142fdc244b4903bfb Author: Kai Engert <kaie@kuix.de> Date: 2017-02-02 Support loading new NSS attribute CKA_NSS_MOZILLA_CA_POLICY from .p11-kit files. See also NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=1334976 and p11-kit bug https://bugs.freedesktop.org/show_bug.cgi?id=99453 common/constants.c | 1 + common/pkcs11x.h | 1 + trust/builder.c | 1 + trust/persist.c | 1 + 4 files changed, 4 insertions(+) commit ee740e904030c3fb2640f524014474a510dda7eb Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-16 library: Deinit p11_virtual_mutex Follow-up fix for commit 4d228aa0, which forgot to clear p11_virtual_mutex on library finalization. common/library.c | 1 + 1 file changed, 1 insertion(+) commit 4d228aa0129bcafb97d7196d8c18e379b492406d Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-14 virtual: Move mutex into p11_library_init() We used to provide p11_virtual_fixed_{,un}init() to only initialize a mutex used in virtual.c. That required all the tests calling virtual functions to call p11_virtual_fixed_{,un}init() in main(). For simplicity, move the mutex variable initialization into p11_library_init(). common/library.c | 3 +++ common/library.h | 3 +++ p11-kit/util.c | 5 ----- p11-kit/virtual-fixed.h | 3 --- p11-kit/virtual.c | 27 +++++---------------------- 5 files changed, 11 insertions(+), 30 deletions(-) commit 1ea08989cecee217befd3b964b5a4f0d584e2a29 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-02-13 trust: Revert to the original 'extract' behavior Since commit f4384a40, due to a missing ex->flags setting, the 'trust extract' command didn't retrieve correlation between related objects and that was causing assertion failure when writing PEM files. https://bugs.freedesktop.org/show_bug.cgi?id=99795 trust/extract.c | 1 + 1 file changed, 1 insertion(+) commit fd9b5c19485e2b88150696b523d889df2ed41cba Author: Daiki Ueno <dueno@redhat.com> Date: 2016-12-13 filter: New virtual wrapper for access control doc/manual/Makefile.am | 1 + p11-kit/Makefile.am | 5 + p11-kit/filter.c | 420 +++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/filter.h | 55 +++++++ p11-kit/test-filter.c | 143 +++++++++++++++++ 5 files changed, 624 insertions(+) commit 3d54011b0d0bf1b31fbab8d7025b7201722d61c3 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-12-17 iter: Enable iteration over slots/tokens/modules While PKCS#11 URI can identify slots/tokens/modules, P11KitIter is only capable of iterating over objects. This patch adds new behaviors to P11KitIter to support iterations over slots/tokens/modules, using the C coroutine trick as described in: http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html doc/manual/p11-kit-sections.txt | 2 + p11-kit/iter.c | 149 +++++++++++++++++++++++++++++++------- p11-kit/iter.h | 16 +++- p11-kit/test-iter.c | 157 +++++++++++++++++++++++++++++++++++++++- 4 files changed, 297 insertions(+), 27 deletions(-) commit 77913af71be81208b4e9af68cd10bc55669543e1 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-01-23 uri: Relax pin-* parsing for compatibility While 'pin-source' and 'pin-value' are defined as query atttribute, they were defined as path attribute in earlier drafts, and some implementations still stick to it. For backward compatibility, accept those in path attributes when parsing (but not when formatting). Reported by Andreas Metzler in: https://lists.freedesktop.org/archives/p11-glue/2017-January/000637.html p11-kit/uri.c | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) commit cfa9fefb2b4c4d8c1d38284817c61dcf5d3f4716 Author: Stef Walter <stefw@redhat.com> Date: 2017-01-29 trust: Implement a 'trust dump' command This dumps all the PKCS#11 objects in the internal .p11-kit persistence format. This is part of the trust command and tooling, even though at some point it could go in the p11-kit command. The reason for this is that the code related to the internal .p11-kit objects is in the trust code, and consumed solely by the trust related modules. doc/manual/trust.xml | 39 +++++++++++ trust/Makefile.am | 1 + trust/dump.c | 191 +++++++++++++++++++++++++++++++++++++++++++++++++++ trust/dump.h | 43 ++++++++++++ trust/trust.c | 2 + 5 files changed, 276 insertions(+) commit 2a46d81d84682181e0108ff2e5f973f7a319d25f Author: Stef Walter <stefw@redhat.com> Date: 2017-01-29 trust: Don't encode spaces when writing .p11-kit format These should not be encoded by default for readability in strings. trust/persist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6caa48db1cab9a4d680062edcd139d9625c5aa7f Author: Stef Walter <stefw@redhat.com> Date: 2017-01-29 trust: Add an "all" filter option for trust commands trust/enumerate.c | 3 +++ 1 file changed, 3 insertions(+) commit f4384a40657e6abde6658ac7600abb879818b493 Author: Stef Walter <stefw@redhat.com> Date: 2017-01-29 trust: Make extraction and correlation of certificate info optional This is so that the code can be shared by the upcoming 'trust dump' command where correlation between related objects is not desired. trust/enumerate.c | 28 +++++++++++++++------------- trust/enumerate.h | 1 + trust/list.c | 1 + trust/test-bundle.c | 1 + trust/test-cer.c | 1 + trust/test-enumerate.c | 16 ++++++++++------ trust/test-openssl.c | 1 + 7 files changed, 30 insertions(+), 19 deletions(-) commit d5a2d993c8e983290aea33fac2a086240af39c6b Author: Stef Walter <stefw@redhat.com> Date: 2017-01-29 trust: Load all attributes for each object when enumerating We load all known attributes for each object we're enumerating over in the 'trust list' and 'trust extract' commands. trust/enumerate.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) commit 9bb1613011370b00c7b561d7de30c205a246a586 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-01-25 virtual: Make virtual-fixed internal API cleaner Add proper inclusion guard to virtual-fixed.h and move the declarations of the (un)initialization functions there. p11-kit/util.c | 10 +++++----- p11-kit/virtual-fixed.h | 9 +++++++++ p11-kit/virtual.c | 4 ++-- p11-kit/virtual.h | 4 ---- 4 files changed, 16 insertions(+), 11 deletions(-) commit 08ecac9deb63904c6482eab64198580aac9e1a4e Author: Daiki Ueno <dueno@redhat.com> Date: 2017-01-25 test: Release transport mock module To prevent leaks of fixed closures, p11_kit_module_release() needs to be called on the mock module itself. p11-kit/test-transport.c | 1 + 1 file changed, 1 insertion(+) commit c01b59e5594b395cf084068e513a68f63c9b95a4 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2016-11-30 test: Check exhaustion of fixed closures p11-kit/test-managed.c | 49 +++++++++++++++++++++++++++++++++++++++++++++---- p11-kit/test-modules.c | 38 +++++++++++++++++++++++++++++++++++++- 2 files changed, 82 insertions(+), 5 deletions(-) commit 9f632bed73c8800af16a69c97bd4c315bd350f8b Author: Daiki Ueno <dueno@redhat.com> Date: 2016-08-26 build: Make libffi closure optional libffi's closure support is not available on all platforms and may fail at run time if running under a stricter SELinux policy. Fallback to pre-compiled closures if it is not usable. https://bugs.freedesktop.org/show_bug.cgi?id=97611 configure.ac | 11 - doc/manual/Makefile.am | 1 + p11-kit/Makefile.am | 5 +- p11-kit/modules.c | 26 +- p11-kit/proxy.c | 2 +- p11-kit/test-init.c | 12 +- p11-kit/test-virtual.c | 1 - p11-kit/util.c | 5 + p11-kit/virtual-fixed.h | 1135 +++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/virtual.c | 614 ++++++++++++++++++++----- p11-kit/virtual.h | 6 +- 11 files changed, 1662 insertions(+), 156 deletions(-) commit 91861f634a1299af28a29de70c45f469562123f6 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-01-23 maint: Add .dir-locals.el file for Emacs .dir-locals.el | 1 + 1 file changed, 1 insertion(+) commit 7f6488fc95a2cbd3b8012923d6fd522a83ae6bba Author: Daiki Ueno <dueno@redhat.com> Date: 2017-01-23 travis: Enable strict code compilation .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1e0bc1f164ce73f9feeeb14754d09072b3e9bc68 Author: Roman Bogorodskiy <bogorodskiy@gmail.com> Date: 2017-01-21 Fix compiler warnings on FreeBSD * common/compat.c: Fix "implicit declaration of function 'issetugid'" warning. On FreeBSD, it's required to define __BSD_VISIBLE to make issetugid(2) visible * common/test-message.c: Fix "implicit declaration of function 'asprintf'" by including <stdio.h> * p11-kit/test-iter.c: Fix "format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'int'" by changing format string to "%d" common/compat.c | 4 ++++ common/test-message.c | 1 + p11-kit/test-iter.c | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) commit a4fb2bb587fb1a0146cf97f039b671d3258488f9 Author: Lubomir Rintel <lkundrak@v3.sk> Date: 2016-12-08 systemd: add per-user remoting socket This allows daemons outside user's session to use per-user PKCS#11 modules. Useful for letting VPN daemons or wpa_supplicant use certificates stored in user's GNOME keyring, etc. .gitignore | 1 + configure.ac | 1 + p11-kit/Makefile.am | 11 +++++++++++ p11-kit/p11-kit-remote.socket | 10 ++++++++++ p11-kit/p11-kit-remote@.service.in | 10 ++++++++++ 5 files changed, 33 insertions(+) commit 563606efe17cbf3b84679f5e54f60b8d68ba9015 Author: Lubomir Rintel <lkundrak@v3.sk> Date: 2015-11-03 common: use recursive pthread mutex for library lock This allows us to do nested locking within one thread avoiding a lockup when remoting the p11-kit-proxy.so module: #0 0x00007f190f35838d in __lll_lock_wait () from /lib64/libpthread.so.0 #1 0x00007f190f351e4d in pthread_mutex_lock () from /lib64/libpthread.so.0 #2 0x00007f190f98657f in C_GetFunctionList (list=0x7ffe7ec3f798) at p11-kit/proxy.c:2355 #3 0x00007f190f993cc9 in dlopen_and_get_function_list (funcs=0x7ffe7ec3f798, path=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", mod=0x249e3d0) at p11-kit/modules.c:337 #4 load_module_from_file_inlock (name=name@entry=0x0, path=path@entry=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", result=result@entry=0x7ffe7ec3f7e8) at p11-kit/modules.c:382 #5 0x00007f190f99587f in p11_kit_module_load (module_path=module_path@entry=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", flags=flags@entry=0) at p11-kit/modules.c:2427 #6 0x0000000000401c4b in serve_module_from_file (file=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so") at p11-kit/remote.c:105 #7 main (argc=1, argv=<optimized out>) at p11-kit/remote.c:169 The Windows NT mutex is aready recursive by default. common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cfc654b2a532aa1adf3cda4bdee8b1397920f912 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-01-18 uri: Support query attributes to specify module Accept and produce 'module-name' and 'module-path' query attributes defined in RFC 7512. doc/manual/p11-kit-sections.txt | 4 ++ p11-kit/test-uri.c | 115 ++++++++++++++++++++++++++++++++++++++ p11-kit/uri.c | 121 +++++++++++++++++++++++++++++++++++++--- p11-kit/uri.h | 10 ++++ 4 files changed, 241 insertions(+), 9 deletions(-) commit a126365a49547da6b532210a886bb5d5fc531b77 Author: Daiki Ueno <dueno@redhat.com> Date: 2017-01-16 uri: Avoid typecasting confusion on s390x Like memcpy(), the 'void *' argument of p11_buffer_add() points to the memory area ordered in host's endianness. Add typecast of int->char to avoid the confusion. Reported by Andreas Metzler in: https://lists.freedesktop.org/archives/p11-glue/2017-January/000633.html p11-kit/uri.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 726c08847c263af9c9fd8c74aea738612795dbb6 Author: Lubomir Rintel <lkundrak@v3.sk> Date: 2016-12-28 uri: fix producing the query attributes Put the pin-* attributes where they belong: to the query part. p11-kit/test-uri.c | 2 +- p11-kit/uri.c | 81 +++++++++++++++++++++++++++++++----------------------- 2 files changed, 48 insertions(+), 35 deletions(-) commit cbf1e42e39c030edb3e2c72ae9b4d7dd7ccf3eea Author: Lubomir Rintel <lkundrak@v3.sk> Date: 2016-12-28 uri: fix the query attribute parsing The pin-* attributes belong to the query part. We should not parse them until we see a '?' and they're separated with a '&'. This might be an important thing -- some of the query attributes may have security implications reaching outside scope of the token itself, to the host system itself. E.g. a pin-source may cause the consumer to access a file or module-path (unimplemented) execute code. The user may want to just chop the attribute part off if they want the consumer access the token and not take the security considerations into account. p11-kit/test-uri.c | 6 +++--- p11-kit/uri.c | 50 +++++++++++++++++++++++++++++++++++++++----------- 2 files changed, 42 insertions(+), 14 deletions(-) commit 287ae8c14145d9cef55079e4de36b1607176cf89 Author: Roman Bogorodskiy <bogorodskiy@gmail.com> Date: 2017-01-07 build: improve p11-kit-proxy symlink handling - Current command for creation of the p11-kit-proxy symlink uses shell brace expansion that isn't supported by all the shells (e.g. FreeBSD's /bin/sh does not support that). Replace it with the old-fashioned 'for' loop - Match extension of the source and the target, i.e. so links to so, dylib links to dylib (previously dylib linked to so) - Add an uninstall-local target to clean up the symlink p11-kit/Makefile.am | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit 794385d24fe794455798946ce9de1e2280e78a8c Author: Daiki Ueno <dueno@redhat.com> Date: 2016-12-13 Release version 0.23.3 NEWS | 10 ++++++++++ configure.ac | 6 +++--- 2 files changed, 13 insertions(+), 3 deletions(-) commit 62d7cd6a0e1ce76b2dd6c5a44933cee1bac93c19 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-12-19 doc: More tweaks for gtk-doc doc/manual/p11-kit-sections.txt | 7 +++++++ 1 file changed, 7 insertions(+) commit eb6433f0d1406d3dda42c98fa94060cab5d5d0ac Author: Daiki Ueno <dueno@redhat.com> Date: 2016-12-19 doc: Mention new API functions doc/manual/p11-kit-sections.txt | 6 ++++++ 1 file changed, 6 insertions(+) commit 4442748b1cbb4da4f355ece6d498a2272e2c7238 Author: Andreas Metzler <ametzler@bebt.de> Date: 2016-12-15 rpc: Fix typo flagged by lintian p11-kit/rpc-server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9773fa8ca877d305a5dea26d07cfcfc445232ae2 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-12-13 test: Remove setgid()ed copy of frob-getenv Otherwise the file is left in builddir, after make distclean. common/test-compat.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 5af8da1f4949807925e23b866f6280dcf7d74f87 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-12-13 test: Fix privatedir substitution in test-extract Since $privatedir expands to "${libexecdir}/p11-kit", $libexecdir must be substituted in the script beforehand. trust/test-extract.in | 1 + 1 file changed, 1 insertion(+) commit 352d2090628d6a040846508e51de06318b69a475 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-12-06 pkcs11: Update CRYPTOKI_VERSION to 2.40 common/pkcs11.h | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) commit 5287a57b9e6d96504af4ad0f989328397f845d55 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-12-06 pkcs11: Add CK_RSA_PKCS_OAEP_PARAMS definition https://bugzilla.redhat.com/show_bug.cgi?id=1191209 common/pkcs11.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit 15a28b263f37de4796899dff04bcf3886f9d010e Author: Daiki Ueno <dueno@redhat.com> Date: 2016-12-06 pkcs11: Add CKA_COPYABLE definition https://bugzilla.redhat.com/show_bug.cgi?id=1191231 common/pkcs11.h | 1 + 1 file changed, 1 insertion(+) commit ccc81bbfaffb5617a509126b8f882b6c930434e3 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-12-06 pkcs11: Add AES key wrap mechanisms https://bugzilla.redhat.com/show_bug.cgi?id=1191231 common/pkcs11.h | 3 +++ 1 file changed, 3 insertions(+) commit b034e8601036c41acfcbd39f12fcd4bfb75dfd13 Author: Pankaj <pankaj.s01@samsung.com> Date: 2016-09-20 proxy: Remove redundant NULL check https://bugs.freedesktop.org/show_bug.cgi?id=93589 p11-kit/proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f8ff3bec65e31dad1cabe0bd3e2f1fae9ef77f40 Author: Pankaj <pankaj.s01@samsung.com> Date: 2016-09-20 modules: Remove redundant NULL check https://bugs.freedesktop.org/show_bug.cgi?id=93588 p11-kit/modules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 873e52cc72701f7a5714a5006f15810ba5981d10 Author: Pankaj <pankaj.s01@samsung.com> Date: 2016-09-20 proxy: Check return value of calloc() https://bugs.freedesktop.org/show_bug.cgi?id=92815 p11-kit/proxy.c | 1 + 1 file changed, 1 insertion(+) commit 2cf22900bbcb3a0f3d11b56ad262bef33e997a00 Author: Pankaj <pankaj.s01@samsung.com> Date: 2016-09-20 mock: Check return value of calloc() https://bugs.freedesktop.org/show_bug.cgi?id=92813 common/mock.c | 1 + 1 file changed, 1 insertion(+) commit 694c95d8da89e2f6aae47c7c379b3c0e2b9adbe8 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-12-06 doc: State 'p11-kit trust' is a deprecated form https://bugzilla.redhat.com/show_bug.cgi?id=1160783 doc/manual/p11-kit.xml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit b3418c2f0d223955723df7d65a31026ad038d943 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-23 trust: Don't add CKA_TRUSTED to extension object While 'trust anchor' command tries to add CKA_TRUSTED attribute to any object, it is only valid for a certificate object. https://bugzilla.redhat.com/show_bug.cgi?id=1158926 trust/anchor.c | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) commit 65e8ad30e7832f3a979f88f4308cfa4f9a969829 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-22 common, trust: Avoid integer overflow This fixes issues pointed in: https://bugzilla.redhat.com/show_bug.cgi?id=985445 except for p11-kit/conf.c:read_config_file(), which was rewritten using mmap() and thus length calculation is no longer needed. common/compat.c | 8 ++++++-- common/path.c | 2 ++ common/url.c | 2 +- trust/base64.c | 5 +++++ 4 files changed, 14 insertions(+), 3 deletions(-) commit 99c3d823fc96c47af4810a5ee091501721159a48 Author: Stanislav Brabec <sbrabec@suse.com> Date: 2016-11-22 move privatedir from libdir to libexecdir According to the GNU Coding Standards[1], private executables should be installed to libexecdir, not libdir. Move privatedir to libexecdir. [1] https://www.gnu.org/prep/standards/ https://bugs.freedesktop.org/show_bug.cgi?id=98817 configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c7d33b9fc54d618feda8960f12c71214dc9ec697 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-27 trust: Avoid confusion in DER/PEM decoding Previously p11-kit-trust.so tried to interpret certificate as PEM format first. This could cause potential conflict if the certificate were actually in DER format and contained a PEM marker strings. https://bugs.freedesktop.org/show_bug.cgi?id=92063 trust/test-token.c | 18 ++++++++++ trust/test-trust.h | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ trust/token.c | 2 +- 3 files changed, 115 insertions(+), 1 deletion(-) commit 2b86585f1b1d140b73b693c81aac8b4a9af1cb8d Author: Stef Walter <stefw@redhat.com> Date: 2016-11-29 doc: Update documentation to point towards GitHub The p11-kit code has moved to GitHub. The documentation needs an update. HACKING | 5 ++++- doc/manual/p11-kit-devel.xml | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) commit 8046370a9d0c8333d84a1294c302d21634729cc8 Author: Lubomir Rintel <lkundrak@v3.sk> Date: 2016-11-28 test-conf: don't create the setuid copy in /tmp The temporary directory is often mounted with nosuid, thus whatever runs from there doesn't get AT_SECURE in auxv. common/test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9cb55d7357db929960dca26b9f22f488b756bac2 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-27 trust: Clarify the error message of 'extract' https://bugzilla.redhat.com/show_bug.cgi?id=1154693 trust/extract.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit d6d0dfd10e360fdcb974e74abe92bb0910bdf172 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-23 trust: Mention anchor --remove option in help https://bugzilla.redhat.com/show_bug.cgi?id=1158467 trust/anchor.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 1d2276dc20153eb513d67aeb3464cf0c1edf6d38 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-22 trust: Reject invalid UTF-8 input Merge changes from utf8.c in FreeBSD's libc: https://svnweb.freebsd.org/base/head/lib/libc/locale/utf8.c?revision=290494&view=markup#l196 https://bugzilla.redhat.com/show_bug.cgi?id=985449 trust/test-utf8.c | 2 ++ trust/utf8.c | 6 ++++++ 2 files changed, 8 insertions(+) commit 3846526ee94f6b4bbc0ea07d9d3cb72ed9f92707 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-22 pkg-config: Expose p11_trust_paths variable The variable is mentioned in the manual but wasn't exposed from the pkg-config. p11-kit/p11-kit-1.pc.in | 1 + 1 file changed, 1 insertion(+) commit c32a16ce821cf37307e53139027c5939c0b1925b Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-22 build: Remove *.in files from EXTRA_DIST The files created with AC_CONFIG_FILES are automatically added to the distribution. p11-kit/Makefile.am | 2 -- 1 file changed, 2 deletions(-) commit 4965a8b2f150ea6c8dadd7dd22aab718f2814591 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-10-21 build: Don't update po files on every make run Update po/Makevars to the latest template and take advantage of PO_DEPENDS_ON_POT = no. po/Makevars | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) commit de5f2e5c59a8811aaea0c19a4a8899e370413851 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-10-31 travis: Enable GCC sanitizers .travis.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 09f584cbef43cac2a071b54f0fc97dd318fe88ea Author: Daiki Ueno <dueno@redhat.com> Date: 2016-10-31 travis: Disable silent rules .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b6305c66bfb607f49c99f820e7123c753364e894 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-21 test: Remove /proxy/deinit-after-fork test This test hasn't been working since the removal of the pthread_atfork() deinit code. To properly clean up, the child process needs to call C_Initialize() and C_Finalize(), and it is already tested by /proxy/initialize-child. p11-kit/test-proxy.c | 37 ------------------------------------- 1 file changed, 37 deletions(-) commit bc6469c4fd576c698bab9c8b620de00d7ba1fe1a Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-20 test: Fix memleak in test-token cleanup GCC's asan spotted this: Direct leak of 338 byte(s) in 13 object(s) allocated from: #0 0x7f54f03fee20 in malloc (/lib64/libasan.so.3+0xc6e20) #1 0x445e8c in p11_path_build ../common/path.c:222 #2 0x4385bd in expand_tempdir ../common/test.c:334 #3 0x43869c in p11_test_directory ../common/test.c:361 #4 0x4033e3 in setup_temp ../trust/test-token.c:79 trust/test-token.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ecaf79c6a0b35e55b27f465c6d6628f165874b78 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-22 modules: Reset the init count on fork() Reset mod->init_count when forkid has changed. Otherwise C_Finalize does not get called. GCC's asan spotted this: Direct leak of 48 byte(s) in 1 object(s) allocated from: #0 0x7f89bc7bfe20 in malloc (/lib64/libasan.so.3+0xc6e20) #1 0x7f89bc47a1f1 in p11_dict_new ../common/dict.c:278 #2 0x7f89bc42143d in managed_C_Initialize ../p11-kit/modules.c:1477 #3 0x7f89bc464c72 in binding_C_Initialize ../p11-kit/virtual.c:121 #4 0x7f89bc1b0a51 in ffi_closure_unix64_inner (/lib64/libffi.so.6+0x5a51) #5 0x7f89bc1b0dbf in ffi_closure_unix64 (/lib64/libffi.so.6+0x5dbf) #6 0x7f89bc44f9e8 in rpc_C_Initialize ../p11-kit/rpc-server.c:691 p11-kit/modules.c | 4 ++++ 1 file changed, 4 insertions(+) commit ae0527969dbb2dea5bf97257c92a65b72ba71db5 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-21 modules: Fix memleak when loading remote module Make sure to call p11_virtual_uninit() on managed module. Otherwise the associated lower_module will not be released. GCC's asan spotted this: Direct leak of 56 byte(s) in 1 object(s) allocated from: #0 0x7f6c5368dfe0 in calloc (/lib64/libasan.so.3+0xc6fe0) #1 0x4436ba in p11_rpc_client_init ../p11-kit/rpc-client.c:2082 #2 0x42c147 in p11_rpc_transport_new ../p11-kit/rpc-transport.c:850 #3 0x415d95 in setup_module_for_remote_inlock ../p11-kit/modules.c:411 p11-kit/modules.c | 2 ++ 1 file changed, 2 insertions(+) commit 7e94bcac88e16c22b8258bcdcb4b2165b198679a Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-21 rpc: Fix memleak in rpc_socket cleanup GCC's asan spotted this: Direct leak of 120 byte(s) in 1 object(s) allocated from: #0 0x7f8d4f221fe0 in calloc (/lib64/libasan.so.3+0xc6fe0) #1 0x427f55 in rpc_socket_new ../p11-kit/rpc-transport.c:100 #2 0x42bc1b in rpc_exec_connect ../p11-kit/rpc-transport.c:767 p11-kit/rpc-transport.c | 1 + 1 file changed, 1 insertion(+) commit 07cadc6fd3716f1b2a8265c40b59426847042967 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-23 uri: Port to PKCS#11 GNU calling convention https://bugs.freedesktop.org/show_bug.cgi?id=97245 p11-kit/uri.h | 2 ++ 1 file changed, 2 insertions(+) commit c30353ec1869024de672731236d9a4acd2f7dd28 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-20 uri: Fix buffer overflow in memcmp() The commit 63644dc introduced several memcmp() calls without checking the length of the first argument. https://bugs.freedesktop.org/show_bug.cgi?id=97245 p11-kit/uri.c | 57 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 32 insertions(+), 25 deletions(-) commit dd514f46c880c508f69412850286d70ec8967758 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-10-06 travis: Enable build on the CI .travis.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) commit a96f354c3068edb6c8ac80ae6d9a6611651145d7 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-19 rpc: Send x-init-reserved to remote module Signed-off-by: Stef Walter <stefw@redhat.com> * Fixed up indentation https://bugs.freedesktop.org/show_bug.cgi?id=80519 p11-kit/Makefile.am | 7 ++++- p11-kit/mock-module-ep3.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/modules.c | 30 ++++++++++++--------- p11-kit/rpc-client.c | 16 ++++++++++- p11-kit/rpc-message.h | 2 +- p11-kit/rpc-server.c | 13 +++++++++ p11-kit/test-transport.c | 24 +++++++++++++++++ 7 files changed, 144 insertions(+), 16 deletions(-) commit 2fe688e8bd360ce2f364bfb6ef80e07712c9bb86 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-09-20 test: Fix p11_virtual_init() usage p11_virtual_init() should take a CK_FUNCTION_LIST as the 3rd argument, if the 2nd argument is &p11_virtual_base. https://bugs.freedesktop.org/show_bug.cgi?id=87192 p11-kit/test-virtual.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6923e8fb56692b20d24398d4746d2399490acdc1 Author: Leonardo Brondani Schenkel <leonardo.schenkel@gmail.com> Date: 2016-10-03 Fix link of p11-kit-proxy.dylib on Mac OS X However, on Mac OS X the library is named libp11-kit.dylib so in the above command the source of the link resolves to nothing, the destination becomes the source and the link to a non-existent file is created in the working directory. https://bugs.freedesktop.org/show_bug.cgi?id=98022 p11-kit/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d74e29cf9733a405a0ea254a2d1edf236ae8735e Author: Daiki Ueno <dueno@redhat.com> Date: 2016-08-12 test: Make test-module work --without-trust-module The test-module program currently depends on TRUST_PATHS, which is determined by the configure script and normally points to a resource outside of the build tree. To make the test system-independent, use a crafted path for testing. https://bugs.freedesktop.org/show_bug.cgi?id=89027 trust/test-module.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 927c8e98f159607acf7fa8b0f5bcf9a4d0497742 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-08-10 iter: Utilize 'slot-id' URI path attribute https://bugs.freedesktop.org/show_bug.cgi?id=97245 p11-kit/iter.c | 8 +++++- p11-kit/test-iter.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+), 1 deletion(-) commit e0c5d429df6ebe2cb88425edf42f65bfb33f0b77 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-08-10 iter: Utilize slot info URI path attributes https://bugs.freedesktop.org/show_bug.cgi?id=97245 p11-kit/iter.c | 27 ++++++++++++++ p11-kit/iter.h | 2 + p11-kit/test-iter.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 134 insertions(+) commit 31fbc32c41518b93a7b9903d7840378bab55370c Author: Daiki Ueno <dueno@redhat.com> Date: 2016-08-08 uri: Support 'slot-id' path attribute Accept 'slot-id' path attribute defined in RFC 7512. https://bugs.freedesktop.org/show_bug.cgi?id=97245 p11-kit/test-uri.c | 47 ++++++++++++++++++++++++++++++++ p11-kit/uri.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++--- p11-kit/uri.h | 4 +++ 3 files changed, 126 insertions(+), 3 deletions(-) commit 8577e4dc23349ae8d04708190de6d1ae469ab460 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-08-08 uri: Support slot info path attributes Accept 'slot-description' and 'slot-manifacturer' path attributes defined in RFC 7512. https://bugs.freedesktop.org/show_bug.cgi?id=97245 p11-kit/private.h | 3 ++ p11-kit/test-uri.c | 70 +++++++++++++++++++++++++++++++++++++ p11-kit/uri.c | 101 +++++++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/uri.h | 6 ++++ 4 files changed, 180 insertions(+) commit 63644dcb6ccf52508f41633945fce9c3a8e46d3d Author: Daiki Ueno <dueno@redhat.com> Date: 2016-08-08 uri: Remove whitespace early when parsing For every path/query component, p11_kit_uri_parse() allocates a small buffer to strip whitespace out. This patch removes any whitespace in the URI at the entry of the function to simplify the code. Note that RFC 7512 actually suggests to ignore whitespace at the extracting phase rather than the parsing phase. https://bugs.freedesktop.org/show_bug.cgi?id=97245 p11-kit/uri.c | 144 +++++++++++++++++++++++++++++++--------------------------- 1 file changed, 78 insertions(+), 66 deletions(-) commit d8f90d300eb76e04dec2caba99f78e7f8a99b215 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-08-12 Fix leak when C_Initialize() is called from child The test case added for bug 90289 (commit c73edd00) revealed that some of the C_Initialize() implementations do not consider the case where it is called from the parent process and then from the child process, without calling C_Finalize() in between. common/mock.c | 3 +++ p11-kit/modules.c | 2 ++ 2 files changed, 5 insertions(+) commit 8afd8d92771d279b38acc098c84027b2cf0dd168 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-08-18 configure: Remove redundant AM_GNU_GETTEXT There is the same line a few lines below. configure.ac | 1 - 1 file changed, 1 deletion(-) commit 8c8c81942038e0068472dd9bab8d57c00b2acee4 Author: Daiki Ueno <dueno@redhat.com> Date: 2016-08-12 Fix typos flagged by codespell p11-kit/fixtures/test-system-none.conf | 2 +- p11-kit/iter.c | 8 ++++---- p11-kit/modules.c | 4 ++-- p11-kit/rpc-server.c | 2 +- p11-kit/util.c | 2 +- trust/builder.c | 2 +- trust/p11-kit-trust.module | 2 +- trust/parser.c | 2 +- 8 files changed, 12 insertions(+), 12 deletions(-) commit fb73b3a908d8fa21b0e7f6461fc9e77c1e15f4b3 Author: Stef Walter <stefw@redhat.com> Date: 2016-08-09 Fix typo in pkcs11.conf Pointed out by David Woodhouse doc/manual/pkcs11.conf.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fedcaf873e4d08741407c7be1db8c2d73dcc1241 Author: Stef Walter <stefw@redhat.com> Date: 2016-08-09 doc: Fix interpolation of p11-kit configuration paths in documentation Previously these were expanded based on the home directory of the one building the documentation (me). doc/manual/Makefile.am | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 77d0791d0d6baf6fcc7578e0d170d754850c4068 Author: Andreas Metzler <ametzler@bebt.de> Date: 2016-02-23 Doc: p11_kit_module_load accepts a filename arg. p11_kit_module_load() hands on the module_path argument to load_module_from_file_inlock() which accepts relative paths, prepending P11_MODULE_PATH. Update API documentation accordingly. https://lists.freedesktop.org/archives/p11-glue/2016-February/000587.html p11-kit/modules.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 6c4ef3f492d88acca931174519b7aa1215cc1a18 Author: Pankaj <pankaj.s01@samsung.com> Date: 2016-01-05 Avoiding redundant check https://bugs.freedesktop.org/show_bug.cgi?id=93587 p11-kit/modules.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 5f6cc6c4c66050069d0db93006299cde44920559 Author: Stef Walter <stefw@redhat.com> Date: 2015-12-07 Fix distcheck by removing some linguas that don't build po/LINGUAS | 2 -- 1 file changed, 2 deletions(-) commit 8ccd99b26d5fb2e19ec45ce3dca28bf53b73c70d Author: Stef Walter <stefw@redhat.com> Date: 2015-12-07 Bump version number NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit d0b59f5b155369dd2b933c359c1f81e6199e2c3f Author: Gustavo Zacarias <gustavo@zacarias.com.ar> Date: 2015-12-02 rpc-transport.c: include sys/select.h for fd_set fd_set and friends, according to POSIX.1-2001, needs sys/select.h, so include it otherwise the build fails for uClibc: p11-kit/rpc-transport.c: In function ‘rpc_socket_read’: p11-kit/rpc-transport.c:350:2: error: unknown type name ‘fd_set’ p11-kit/rpc-transport.c:416:4: warning: implicit declaration of function ‘FD_ZERO’ [-Wimplicit-function-declaration] Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> https://bugs.freedesktop.org/show_bug.cgi?id=93211 p11-kit/rpc-transport.c | 1 + 1 file changed, 1 insertion(+) commit 981f5358988a4c7044aeddd5bd783c28b2665410 Author: Pankaj <pankaj.s01@samsung.com> Date: 2015-11-04 p11-kit: Fix redundant check for 'signature' is always 'true' https://bugs.freedesktop.org/show_bug.cgi?id=92807 common/mock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 957c6d8c610b71665573564f2299d9aca86d2483 Author: Pankaj <pankaj.s01@samsung.com> Date: 2015-11-06 common: Fix warning about dereferencing NULL pointer https://bugs.freedesktop.org/show_bug.cgi?id=92842 common/mock.c | 1 + 1 file changed, 1 insertion(+) commit 4e22ebfda7b51ec978eacf0c3653bb534de97fe3 Author: Pankaj <pankaj.s01@samsung.com> Date: 2015-11-06 common: Fix in test-code for file descriptor validity check https://bugs.freedesktop.org/show_bug.cgi?id=92843 common/test-compat.c | 1 + 1 file changed, 1 insertion(+) commit a512a01e4c2700a6454d024150aa222f64885d59 Author: Stef Walter <stefw@redhat.com> Date: 2015-11-09 trust: Fix always false comparison of EAGAIN and EINTR https://bugs.freedesktop.org/show_bug.cgi?id=92864 trust/save.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6558c7174bc6778f13347fc1a356ed6773cef830 Author: Pankaj <pankaj.s01@samsung.com> Date: 2015-10-21 p11-kit: Remove unused pointer https://bugs.freedesktop.org/show_bug.cgi?id=92532 p11-kit/modules.c | 2 -- 1 file changed, 2 deletions(-) commit 478f1065fb6d92fbd4bdf8b0a513f32cf48af170 Author: Stef Walter <stefw@redhat.com> Date: 2015-10-20 po: Update translations from transifex build/tx-update | 6 +- po/ar.po | 4 +- po/as.po | 4 +- po/az.po | 6 +- po/bg.po | 16 ++- po/bn_IN.po | 4 +- po/ca.po | 4 +- po/ca@valencia.po | 4 +- po/cs.po | 152 ++++++++++++------------ po/cy.po | 4 +- po/da.po | 4 +- po/de.po | 30 ++--- po/el.po | 179 ++++++++++++++-------------- po/en_GB.po | 179 ++++++++++++++-------------- po/eo.po | 18 ++- po/es.po | 21 ++-- po/es_CL.po | 342 ------------------------------------------------------ po/et.po | 2 +- po/eu.po | 16 ++- po/fa.po | 16 ++- po/fi.po | 25 ++-- po/fo.po | 4 +- po/fr.po | 179 ++++++++++++++-------------- po/ga.po | 4 +- po/gl.po | 30 +++-- po/gu.po | 4 +- po/he.po | 4 +- po/hi.po | 4 +- po/hr.po | 23 ++-- po/hu.po | 21 ++-- po/ia.po | 16 ++- po/id.po | 19 ++- po/it.po | 24 ++-- po/it_IT.po | 342 ------------------------------------------------------ po/ja.po | 19 ++- po/ka.po | 21 ++-- po/kk.po | 17 +-- po/kn.po | 4 +- po/ko.po | 23 ++-- po/lt.po | 4 +- po/lv.po | 24 ++-- po/ml.po | 4 +- po/mr.po | 4 +- po/ms.po | 4 +- po/nb.po | 4 +- po/nl.po | 21 ++-- po/nn.po | 4 +- po/oc.po | 6 +- po/or.po | 4 +- po/pa.po | 18 ++- po/pl.po | 22 ++-- po/pt.po | 4 +- po/pt_BR.po | 21 ++-- po/ro.po | 4 +- po/ru.po | 184 ++++++++++++++--------------- po/sk.po | 180 ++++++++++++++-------------- po/sl.po | 21 ++-- po/sq.po | 16 ++- po/sr.po | 24 ++-- po/sr@latin.po | 4 +- po/sv.po | 171 +++++++++++++-------------- po/ta.po | 4 +- po/te.po | 16 ++- po/th.po | 4 +- po/tr.po | 144 ++++++++++++----------- po/uk.po | 21 ++-- po/vi.po | 4 +- po/wa.po | 4 +- po/zh_CN.po | 179 ++++++++++++++-------------- po/zh_HK.po | 16 ++- po/zh_TW.po | 19 ++- 71 files changed, 1097 insertions(+), 1856 deletions(-) commit 5e6336ba0393c9d69be843c432e4c4927caea245 Author: Stef Walter <stefw@redhat.com> Date: 2015-10-20 Add estonian translation from Transifex po/LINGUAS | 1 + po/et.po | 342 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 343 insertions(+) commit 98dbc98709bb9a5fe1d6e7beea585c39073e528c Author: Pankaj <pankaj.s01@samsung.com> Date: 2015-10-20 p11-kit: Fix warnings related to use dangling pointer https://bugs.freedesktop.org/show_bug.cgi?id=92551 p11-kit/modules.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 29014eab3caf4f70fcd94c8198ca24992b1e5ec6 Author: Stef Walter <stefw@redhat.com> Date: 2015-10-19 common: Remove compat timegm() implementation We no longer use timegm() common/compat.c | 31 ------------------------------- configure.ac | 1 - 2 files changed, 32 deletions(-) commit 3be562d4d386eddc79489715507d979135d4b74a Author: Pankaj <pankaj.s01@samsung.com> Date: 2015-10-19 p11-kit: 'int' comparison with 'unsigned int' in for() for the array index https://bugs.freedesktop.org/show_bug.cgi?id=92443 common/array.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2db405ff7781ec43b77bd2592c41eff22e2b362a Author: Pankaj <pankaj.s01@samsung.com> Date: 2015-10-19 p11-kit: 'int' comparison with 'unsigned int' in for() for array index common/dict.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c57c1d592c82da7f444cde440c5f32930542b43a Author: Pankaj <pankaj.s01@samsung.com> Date: 2015-10-19 p11-kit: 'int' comparison with 'unsigned int' in for() for array index https://bugs.freedesktop.org/show_bug.cgi?id=92445 p11-kit/proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4286fd792b869e27cc362a8de9334d4686aed539 Author: Ludovic Rousseau <ludovic.rousseau@gmail.com> Date: 2015-10-19 manual: Fix typos in documentation https://bugs.freedesktop.org/show_bug.cgi?id=92520 doc/manual/p11-kit-sharing.xml | 4 ++-- doc/manual/pkcs11.conf.xml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) commit ee1d48020b24164b5547de2affd0f38dafab8949 Author: Pankaj <pankaj.s01@samsung.com> Date: 2015-10-12 p11-kit: Fix expression 'call_id < 0' is always false https://bugs.freedesktop.org/show_bug.cgi?id=92434 p11-kit/rpc-message.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3a005e75a4e1b63db8e19ea0e73479588ab345a6 Author: Robert Milasan <rmilasan@suse.com> Date: 2015-07-30 Fix trust command segfaults in expand_homedir() when no matching password record was found Hello, it looks like under some conditions, command trust segfaults in expand_homedir() due to no matching password record was found: Signed-off-by: Robert Milasan <rmilasan@suse.com> Signed-off-by: Stef Walter <stefw@redhat.com> * Updated path so message is printed and errno is not overwritten https://bugs.freedesktop.org/show_bug.cgi?id=91506 common/path.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit ac151af6e41242eb46689f326311195b5f7b65fc Author: Lew Palm <l.palm@m-privacy.de> Date: 2015-07-14 Fix build on Mingw due to missing EWOULDBLOCK https://bugs.freedesktop.org/show_bug.cgi?id=89081 p11-kit/rpc-transport.c | 3 +++ 1 file changed, 3 insertions(+) commit 406803044f61fcbd491749a5530b39beed270dd2 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2015-07-10 Added p11_kit_module_get_filename() That function allows to obtain the filename used by the PKCS #11 module. That is the filename used by dlopen(). Note that we don't provide p11_kit_module_for_filename() because it would have to deal with filename equivalences. Signed-off-by: Stef Walter <stefw@redhat.com> * Fixed up whitespace p11-kit/modules.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ p11-kit/p11-kit.h | 1 + p11-kit/test-modules.c | 40 +++++++++++++++++++++++++++++++++++++++- 3 files changed, 85 insertions(+), 1 deletion(-) commit cacaf8cd0b0a4f2cd61b61b012cd5cbf715fe38f Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2015-06-24 In proxy module don't call C_Finalize on a forked process. This corrects a deadlock on the forked process. The deadlock happened because the proxy called C_Finalize prior to a C_Initialize which is wrong according to PKCS #11 (2.40). This patch eliminates the C_Finalize call in that case. This resolves #90289 https://bugs.freedesktop.org/show_bug.cgi?id=90289 Reviewed-by: Stef Walter <stefw@redhat.com> p11-kit/proxy.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) commit c73edd002462ca1185de1e9e72d9f68f01c93f32 Author: David Woodhouse <David.Woodhouse@intel.com> Date: 2015-06-03 Add test case for bug 90289 (deadlock on C_Initialize() in child after fork) Reviewed-by: Stef Walter <stefw@redhat.com> p11-kit/test-proxy.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) commit ec8a291efb87f1751a18c7e023a67232c15a4ef2 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2015-06-24 Do not deinitialize libffi's wrapper functions Libffi uses shared memory to store them, and a deallocation in a child will cause issues for the parent or vice versa. Signed-off-by: Stef Walter <stefw@redhat.com> * Use #if to comment out code, avoid compiler warnings p11-kit/virtual.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit c9095cb154cfd9937332b1a980316d10a9655d51 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2015-06-23 Added test case for crash after a fork in proxy module Reviewed-by: Stef Walter <stefw@redhat.com> p11-kit/test-proxy.c | 46 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) commit c562aff333bd73a3fe5c15d2969a4ea70300a426 Author: Pankaj <pankaj.s01@samsung.com> Date: 2015-06-03 p11-kit: Missing unlock in function rpc_socket_read() https://bugs.freedesktop.org/show_bug.cgi?id=90827 p11-kit/rpc-transport.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 8768b4611d3268d6fca7fc214ce0a5c7ec7fc332 Author: Pankaj <pankaj.s01@samsung.com> Date: 2015-06-01 trust: Fix double close() trust/save.c | 1 - 1 file changed, 1 deletion(-) commit 6712b49861e3e59534c5e4b6d75146a01b939aff Author: Stef Walter <stefw@redhat.com> Date: 2015-04-17 Fix some compiler warnings from GCC 5.x trust/test-persist.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit ec9e2450bafa1cda47525b38a28c8f981f43c1e1 Author: Stef Walter <stefw@redhat.com> Date: 2015-02-20 Release version 0.23.1 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit e49fba71493408305b297df7eb4e64d882b778ee Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> Date: 2014-12-23 Generate URIs compliant to the PKCS#11 URI draft in LC We continue to accept both the older style 'object-type' field in addition to the new 'type' field. However we start generating URIs in the new form. In other words we have backwards compatibility, but not forwards compatibility. Given the fact that PKCS#11 URIs are now standardizing this is an acceptable compromise. https://bugs.freedesktop.org/show_bug.cgi?id=86474 p11-kit/test-uri.c | 26 +++++++++++++------------- p11-kit/uri.c | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) commit 6fb74150b8c8f957e96fd423beeccd36cf04e1bc Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> Date: 2014-12-23 Added test for pin-value https://bugs.freedesktop.org/show_bug.cgi?id=87582 Signed-off-by: Stef Walter <stefw@redhat.com> * Added test for bad encoded pin-value in uri p11-kit/test-uri.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) commit d1122aa7587c445b3d03f35258ea46038807bf69 Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> Date: 2014-12-23 Added support for pin-value PKCS#11 URI element https://bugs.freedesktop.org/show_bug.cgi?id=87582 p11-kit/uri.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/uri.h | 5 +++++ 2 files changed, 57 insertions(+) commit 890d69d7fde23ea15a082026a4d1c01aba805569 Author: Stef Walter <stefw@redhat.com> Date: 2015-02-20 p11-kit: Remove duplicate WHITESPACE define p11-kit/uri.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit a6df1f21e42a3b57448eb6897b976ac8883908eb Author: Adam Williamson <awilliam@redhat.com> Date: 2015-01-13 trust: Add pem-directory-hash extract format This allows extraction of a directory of standard PEM files with the OpenSSL hash symlinks; this is a format used by some popular platforms (Debian's /etc/ssl/certs is in this form, and OpenSUSE provides it for compatibility). Initially by: Ludwig Nussel <ludwig.nussel@suse.de> Signed-off-by: Stef Walter <stefw@redhat.com> * Added header, fixed compiler warnings doc/manual/trust.xml | 6 +++- trust/extract-openssl.c | 76 ++++++++++++++++++++++++++----------------------- trust/extract-pem.c | 49 +++++++++++++++++++++++++------ trust/extract.c | 17 ++++++----- trust/extract.h | 8 ++++++ trust/test-bundle.c | 35 +++++++++++++++++++++++ 6 files changed, 139 insertions(+), 52 deletions(-) commit b65e3148a8ea2d54b17a8be617bbdcb026c49fcd Author: Stef Walter <stefw@redhat.com> Date: 2014-11-14 uri: Accept 'type' in additon to 'object-type' in PKCS#11 URIs This was a later change to the PKCS#11 specification drafts p11-kit/test-uri.c | 27 +++++++++++++++++++++++++++ p11-kit/uri.c | 5 +++-- 2 files changed, 30 insertions(+), 2 deletions(-) commit 7c2270eaaaf0e60e204cb81dd017bc89394f4f59 Author: Michael Cronenworth <mcronenworth@pdxinc.com> Date: 2014-11-11 compat: Add definition for setenv for Win32 Signed-off-by: Michael Cronenworth <mike@cchtml.com> common/compat.h | 4 ++++ configure.ac | 1 + 2 files changed, 5 insertions(+) commit bfb3bd47aa48983f5349479bca598403097ff81c Author: Stef Walter <stefw@redhat.com> Date: 2014-10-09 Release version 0.22.1 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 03d280df9a73aca5cb6eabbcb97ef3ca4e1ae0e5 Author: Stef Walter <stefw@redhat.com> Date: 2014-10-09 trust: Certificate CKA_ID is SubjectKeyIdentifier if possible The PKCS#11 spec states that the CKA_ID should match the SubjectKeyIdentifier if such an extension is present. We delay the filling of CKA_ID until the builder phase of populating attributes which allows us to have more control over how this works. Note that we don't make CKA_ID reflect SubjectKeyIdentifier *attached* extensions. The CKA_ID isn't supposed to change after object creation. Making it dependent on attached extensions would be making promises we cannot keep, since attached extensions can be added/removed at any time. This also means the CKA_ID of attached extensions and certificates won't necessarily match up, but that was never promised, and not how attached extensions should be matched to their certificate anyway. Based on a patch and research done by David Woodhouse. https://bugs.freedesktop.org/show_bug.cgi?id=84761 trust/builder.c | 55 ++++++++++++++++++++++++++++++++++++++++++---------- trust/parser.c | 37 ++++++++++------------------------- trust/test-builder.c | 2 +- trust/test-parser.c | 2 -- trust/test-trust.c | 2 ++ trust/x509.c | 32 +++++++++++++++++++++++++----- trust/x509.h | 7 ++++++- 7 files changed, 91 insertions(+), 46 deletions(-) commit b3579cb54bd5cd16e9740404408b2505b4b1e26b Author: Stef Walter <stef@thewalter.net> Date: 2014-09-12 trust: Allow 'BEGIN PUBLIC KEY' PEM blocks in .p11-kit files These PEM blocks contribute a CKA_PUBLIC_KEY_INFO to the object being read/written. https://bugs.freedesktop.org/show_bug.cgi?id=83799 doc/internal/persist-format.txt | 13 +++++++++---- trust/persist.c | 24 ++++++++++++++++++++++++ trust/test-persist.c | 27 +++++++++++++++++++++++++++ trust/test-trust.h | 22 ++++++++++++++++++++++ 4 files changed, 82 insertions(+), 4 deletions(-) commit c1dd399d265f20bd3df4dc76dcf735aba1ffa515 Author: Roman Bogorodskiy <bogorodskiy@gmail.com> Date: 2014-10-06 trust: add missing libtasn1 cflags Add a number of missing LIBTASN1_CFLAGS where it's required trust/Makefile.am | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) commit af8fba2fa90c6d9b98750f7e33c3b0df9f698cfc Author: Stef Walter <stefw@redhat.com> Date: 2014-10-06 Bump libtool versioning for added APIs configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ab778cc54c8671ba79cf4baca7be2608c7cce886 Author: Antoine Jacoutot <ajacoutot@gnome.org> Date: 2014-10-05 Unbreak build on OpenBSD Add missing header for strdup(3). When EPROTO is not available, fallback to EIO. https://bugs.freedesktop.org/show_bug.cgi?id=84665 p11-kit/rpc-transport.c | 5 +++++ 1 file changed, 5 insertions(+) commit 80e4f6a6e04582fe11c98e6133e3e306e5556d8d Author: Michael Cronenworth <mike@cchtml.com> Date: 2014-10-04 makefile: Rename DATADIR to not conflict with Win32 define Signed-off-by: Michael Cronenworth <mike@cchtml.com> Makefile.am | 2 +- trust/module.c | 2 +- trust/test-module.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) commit b785f39384af08c35b08ab74671443234260cccc Author: Stef Walter <stefw@redhat.com> Date: 2014-10-02 Release version 0.22.0 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 16e25b2890927108ec15297aabb1d86a49792741 Author: Stef Walter <stefw@redhat.com> Date: 2014-10-03 p11-kit: Use pthread_atfork() in a safe manner Instead of trying to perform actions in pthread_atfork() which are not async-signal-safe, just increment a counter so we can later tell if the process has forked. Note this does not make it safe to mix threads and forking without immediately execing. This is a far broader problem that p11-kit, however we now do the right thing when fork+exec is used from a thread. https://bugs.freedesktop.org/show_bug.cgi?id=84567 common/library.c | 11 ++++++++++ common/library.h | 2 ++ common/mock.c | 1 + p11-kit/modules.c | 55 ++++++++++------------------------------------ p11-kit/proxy.c | 62 ++++++++++++++++------------------------------------ p11-kit/proxy.h | 2 -- p11-kit/rpc-client.c | 20 ++++++++--------- p11-kit/test-proxy.c | 2 +- p11-kit/test-rpc.c | 25 +++++++-------------- 9 files changed, 63 insertions(+), 117 deletions(-) commit a3b1e1c2f2c8c1f14293d8158b6dfeb2a6560908 Author: Stef Walter <stefw@redhat.com> Date: 2014-10-01 remote: Run separate executable binary for 'p11-kit remote' This allows security frameworks like SELinux or AppArmor to target it specifically. Makefile.am | 1 + p11-kit/Makefile.am | 13 ++++- p11-kit/p11-kit.c | 69 +------------------------- p11-kit/remote.c | 137 ++++++++++++++++++--------------------------------- p11-kit/rpc-server.c | 101 +++++++++++++++++++++++++++++++++++++ 5 files changed, 164 insertions(+), 157 deletions(-) commit 76f230ced6e9ca2a598988bc00b7b971208e8f64 Author: Stef Walter <stefw@redhat.com> Date: 2014-10-02 p11-kit: P11_KIT_PRIVATEDIR env var overrides private binary dir External binaries are searched for in $(libdir)/p11-kit. The P11_KIT_PRIVATEDIR can be used to override that, for example during 'make check' p11-kit/p11-kit.c | 7 ++++++- p11-kit/test-transport.c | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) commit 960cb9a7db1950ad1414f70b0e3ec240542601ac Author: Stef Walter <stefw@redhat.com> Date: 2014-10-02 common: Use secure_getenv() implementation when setuid In anything security sensitive, use secure_getenv() implementation for retrieving environment variables. common/Makefile.am | 8 ++++++- common/compat.c | 8 +++++++ common/compat.h | 2 ++ common/debug.c | 3 ++- common/frob-getenv.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++ common/test-compat.c | 27 ++++++++++++++++++++++ common/test.c | 2 +- configure.ac | 2 +- 8 files changed, 113 insertions(+), 4 deletions(-) commit c9474683dd3db5ad87227dd3c3734ab31bfc01e9 Author: Stef Walter <stefw@redhat.com> Date: 2014-10-02 common: In tests preserve parent environment for children common/test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d3505c2b556b859e1a14062579fd67ec2ab25435 Author: Stef Walter <stefw@redhat.com> Date: 2014-10-01 p11-kit: Remove the 'isolated' option for now This option was not completed in time, and as implemented suffers from limitations that the module is not really completely isolated as it still runs under the same user id as the calling process. doc/manual/p11-kit-sharing.xml | 5 +++-- doc/manual/pkcs11.conf.xml | 11 ++--------- p11-kit/modules.c | 13 ------------- 3 files changed, 5 insertions(+), 24 deletions(-) commit c41e0e1d9a4a9a4533bc6f370e5eebe1d6b9752c Author: Michael Cronenworth <mike@cchtml.com> Date: 2014-09-12 common: Move unistd include to define getopt and friends Needed to fix MinGW builds. Signed-off-by: Michael Cronenworth <mike@cchtml.com> common/test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit eeca6f88e1c59543b09df3f9a45224e32d531ef7 Author: Stef Walter <stef@thewalter.net> Date: 2014-09-17 Release version 2.21.3 NEWS | 8 ++++++++ configure.ac | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) commit 800f310dd3f2fcbf3852a42c67b5dd37e4ef4415 Author: Stef Walter <stef@thewalter.net> Date: 2014-09-10 trust: Use term 'attached extensions' instead of 'stapled' The term 'stapled extensions' is confusing because it overloads terminology used with OSCP stapling. Suggested by Daniel Kahn Gillmor. trust/builder.c | 4 ++-- trust/enumerate.c | 48 ++++++++++++++++++++++++------------------------ trust/enumerate.h | 2 +- trust/extract-openssl.c | 8 ++++---- trust/parser.c | 46 +++++++++++++++++++++++----------------------- trust/test-builder.c | 30 +++++++++++++++--------------- trust/test-enumerate.c | 2 +- trust/test-parser.c | 4 ++-- 8 files changed, 72 insertions(+), 72 deletions(-) commit eccbcc298f59eb9518b07baf840930cec54c7655 Author: Stef Walter <stefw@redhat.com> Date: 2014-09-04 common: New public pkcs11x.h header containing extensions Move our internal stuff to pkcs11i.h, and install the pkcs11x.h header containing extensions. https://bugs.freedesktop.org/show_bug.cgi?id=83495 common/Makefile.am | 3 +- common/attrs.c | 1 + common/constants.c | 1 + common/mock.h | 2 +- common/pkcs11i.h | 505 +++++++++++++++++++++++++++++++++++++++++++++++++ common/pkcs11x.h | 458 +------------------------------------------- doc/manual/Makefile.am | 1 + p11-kit/virtual.h | 2 +- trust/builder.c | 1 + trust/persist.c | 1 + trust/test-builder.c | 1 + trust/test-persist.c | 1 + 12 files changed, 520 insertions(+), 457 deletions(-) commit b1cd802e4241aa81c12ba4ecccdb17404799ff03 Author: Stef Walter <stefw@redhat.com> Date: 2014-09-04 common: Change the CKA_X_PUBLIC_KEY_INFO constant to CKA_PUBLIC_KEY_INFO CKA_PUBLIC_KEY_INFO is defined in the PKCS#11 2.40 draft, so use that rather than defining our own. * Fixed up by Nikos Mavrogiannopoulos <nmav@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=83495 common/attrs.c | 2 +- common/constants.c | 2 +- common/pkcs11x.h | 6 +++++- trust/builder.c | 14 +++++++------- trust/enumerate.c | 16 ++++++++-------- trust/list.c | 2 +- trust/parser.c | 2 +- trust/test-builder.c | 28 ++++++++++++++-------------- trust/test-enumerate.c | 8 ++++---- trust/test-openssl.c | 12 ++++++------ trust/test-parser.c | 8 ++++---- 11 files changed, 52 insertions(+), 48 deletions(-) commit 9ba2165ef75c63960ce95c9b1b085a0a630cfb14 Author: Stef Walter <stefw@redhat.com> Date: 2014-09-04 common: Add support for multiple field names (ie: nicks) per constant This allows us to have old/new names for a given constant. https://bugs.freedesktop.org/show_bug.cgi?id=83495 common/constants.c | 31 ++++++++++++++++--------------- common/constants.h | 2 +- common/test-constants.c | 10 +++++----- 3 files changed, 22 insertions(+), 21 deletions(-) commit 1ede9a957c5a4f2c44b6bc88ba380a41c145a81b Author: Michael Cronenworth <mike@cchtml.com> Date: 2014-09-09 p11-kit: Fix tests when building with MinGW Signed-off-by: Michael Cronenworth <mike@cchtml.com> p11-kit/test-managed.c | 9 +++++++++ p11-kit/test-rpc.c | 9 +++++++++ p11-kit/test-transport.c | 12 ++++++++++++ 3 files changed, 30 insertions(+) commit 086c08ceef86825b7b738c2da016915e91896a20 Author: Michael Cronenworth <mike@cchtml.com> Date: 2014-08-17 trust: Fix token test when building with MinGW Signed-off-by: Michael Cronenworth <mike@cchtml.com> trust/test-token.c | 4 ++++ 1 file changed, 4 insertions(+) commit 92ad58dec9a170a128734ea99e532e8a6a7d5499 Author: Roman Bogorodskiy <bogorodskiy@gmail.com> Date: 2014-09-09 configure: Check for pthread_create() in pthread library Check for pthread_create() in pthread library instaed of pthread_mutexattr_init(). This fixes a linking error on FreeBSD. https://bugs.freedesktop.org/show_bug.cgi?id=75674 configure.ac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 4dd71231c7b425c44ca231c6c7b1df97545d1501 Author: Stef Walter <stef@thewalter.net> Date: 2014-09-09 p11-kit: Compilation fixes for previous commit Pushed the wrong version p11-kit/proxy.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 50e4702e6c94aeb3c9096661a78f59db96c86226 Author: Stef Walter <stef@thewalter.net> Date: 2014-09-09 p11-kit: Make proxy module respect critical = no The p11-kit-proxy.so module would not respect the critical = no setting in module configuration, and fail if any module failed to initialize. https://bugs.freedesktop.org/show_bug.cgi?id=83651 p11-kit/proxy.c | 84 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 47 insertions(+), 37 deletions(-) commit aff7ac7ef469f96a55063ba423af66fca17c29c7 Author: Roman Bogorodskiy <bogorodskiy@gmail.com> Date: 2014-08-18 Fix build without debug When building without debug build fails with: CCLD p11-kit/p11-kit ./.libs/libp11-kit.so: undefined reference to `P11_RPC_CHECK_CALLS' cc: error: linker command failed with exit code 1 (use -v to see invocation) gmake[2]: *** [p11-kit/p11-kit] Error 1 This happens because P11_RPC_CHECK_CALLS is not defined when debugging is enabled, so provide a noop macro for that case. p11-kit/rpc-message.h | 2 ++ 1 file changed, 2 insertions(+) commit c3fc7b49890bef7c28c1315476c6270d8ed1a492 Author: Stef Walter <stef@thewalter.net> Date: 2014-09-05 trust: Show public-key-info in 'trust list --details' Since the public-key-info is an important part of the way we represent trust, show it in 'trust list' if --details is present. trust/list.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit d715fe5312f7b7c1b881cc49847cc15347e286fc Author: Stef Walter <stefw@redhat.com> Date: 2014-09-05 Release version 0.21.2 NEWS | 10 ++++++++++ configure.ac | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) commit dc55d9d5fc5d904f0bc3c06ba3caf64483b18fa9 Author: Stef Walter <stefw@redhat.com> Date: 2014-09-05 trust: Produce a proper message for an invalid stapled extension Previously we would output a line like this: p11-kit: 'node != NULL' not true at lookup_extension trust/builder.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit 677dee1a04058aefe8c7689f88da52afe3b4b4bb Author: Stef Walter <stef@thewalter.net> Date: 2014-08-15 Move to non-recursive Makefile for building bins and libs Still use recursive for documentation and translation. Makefile.am | 66 +++-- build/Makefile.decl | 16 -- build/Makefile.tests | 21 -- build/certs/Makefile | 38 +-- common/Makefile.am | 113 ++++++--- common/{tests => }/frob-getauxval.c | 0 common/{tests => }/test-array.c | 0 common/{tests => }/test-attrs.c | 0 common/{tests => }/test-buffer.c | 0 common/{tests => }/test-compat.c | 0 common/{tests => }/test-constants.c | 0 common/{tests => }/test-dict.c | 0 common/{tests => }/test-hash.c | 0 common/{tests => }/test-lexer.c | 0 common/{tests => }/test-message.c | 0 common/{tests => }/test-path.c | 0 common/{tests => }/test-tests.c | 0 common/{tests => }/test-url.c | 0 common/tests/Makefile.am | 39 --- configure.ac | 8 +- doc/manual/Makefile.am | 8 +- p11-kit/Makefile.am | 244 ++++++++++++------ .../files => fixtures}/package-modules/four.module | 0 .../package-modules/win32/four.module | 0 .../files => fixtures}/system-modules/one.module | 0 .../system-modules/two-duplicate.module | 0 .../files => fixtures}/system-modules/two.badname | 0 .../system-modules/win32/one.module | 0 .../system-modules/win32/two-duplicate.module | 0 .../system-modules/win32/two.badname | 0 .../{tests/files => fixtures}/system-pkcs11.conf | 0 p11-kit/{tests/files => fixtures}/test-1.conf | 0 p11-kit/{tests/files => fixtures}/test-pinfile | 0 .../{tests/files => fixtures}/test-pinfile-large | 0 .../files => fixtures}/test-system-invalid.conf | 0 .../files => fixtures}/test-system-merge.conf | 0 .../files => fixtures}/test-system-none.conf | 0 .../files => fixtures}/test-system-only.conf | 0 .../files => fixtures}/test-user-invalid.conf | 0 .../{tests/files => fixtures}/test-user-only.conf | 0 p11-kit/{tests/files => fixtures}/test-user.conf | 0 .../files => fixtures}/user-modules/one.module | 0 .../files => fixtures}/user-modules/three.module | 0 .../user-modules/win32/one.module | 0 .../user-modules/win32/three.module | 0 p11-kit/{tests => }/frob-setuid.c | 0 p11-kit/{tests => }/mock-module-ep.c | 0 p11-kit/{tests => }/mock-module-ep2.c | 0 p11-kit/{tests => }/print-messages.c | 0 p11-kit/{tests => }/test-conf.c | 54 ++-- p11-kit/{tests => }/test-deprecated.c | 0 p11-kit/{tests => }/test-init.c | 0 p11-kit/{tests => }/test-iter.c | 0 p11-kit/{tests => }/test-log.c | 0 p11-kit/{tests => }/test-managed.c | 0 p11-kit/{tests => }/test-mock.c | 0 p11-kit/{tests => }/test-modules.c | 0 p11-kit/{tests => }/test-pin.c | 6 +- p11-kit/{tests => }/test-progname.c | 0 p11-kit/{tests => }/test-proxy.c | 0 p11-kit/{tests => }/test-rpc.c | 0 p11-kit/{tests => }/test-transport.c | 2 +- p11-kit/{tests => }/test-uri.c | 0 p11-kit/{tests => }/test-util.c | 0 p11-kit/{tests => }/test-virtual.c | 0 p11-kit/tests/Makefile.am | 91 ------- trust/Makefile.am | 273 +++++++++++++++------ trust/anchor.c | 5 +- trust/enumerate.h | 5 +- trust/extract.c | 5 +- trust/{tests/files => fixtures}/cacert-ca.der | Bin .../files => fixtures}/cacert3-distrust-all.pem | 0 .../files => fixtures}/cacert3-distrusted-all.pem | 0 .../files => fixtures}/cacert3-not-trusted.pem | 0 .../files => fixtures}/cacert3-trusted-alias.pem | 0 .../files => fixtures}/cacert3-trusted-keyid.pem | 0 .../cacert3-trusted-server-alias.pem | 0 .../{tests/files => fixtures}/cacert3-trusted.pem | 0 trust/{tests/files => fixtures}/cacert3-twice.pem | 0 trust/{tests/files => fixtures}/cacert3.der | Bin trust/{tests/files => fixtures}/cacert3.pem | 0 trust/{tests/files => fixtures}/distrusted.pem | 0 trust/{tests/files => fixtures}/empty-file | 0 trust/{tests/files => fixtures}/multiple.pem | 0 .../files => fixtures}/openssl-trust-no-trust.pem | 0 trust/{tests/files => fixtures}/redhat-ca.der | Bin .../files => fixtures}/self-signed-with-eku.der | Bin .../files => fixtures}/self-signed-with-ku.der | Bin trust/{tests/files => fixtures}/simple-string | 0 trust/{tests/files => fixtures}/testing-server.der | Bin trust/{tests/files => fixtures}/thawte.pem | 0 .../files => fixtures}/unrecognized-file.txt | 0 trust/{tests/files => fixtures}/verisign-v1.der | Bin trust/{tests/files => fixtures}/verisign-v1.pem | 0 trust/{tests => }/frob-bc.c | 0 trust/{tests => }/frob-cert.c | 0 trust/{tests => }/frob-eku.c | 0 trust/{tests => }/frob-ext.c | 0 trust/{tests => }/frob-ku.c | 0 trust/{tests => }/frob-multi-init.c | 0 trust/{tests => }/frob-nss-trust.c | 0 trust/{tests => }/frob-oid.c | 0 trust/{tests => }/frob-pow.c | 0 trust/{tests => }/frob-token.c | 0 trust/{tests => }/input/anchors/cacert3.der | Bin trust/{tests => }/input/anchors/testing-ca.der | Bin trust/{tests => }/input/blacklist/self-server.der | Bin trust/{tests => }/input/cacert-ca.der | Bin trust/{tests => }/input/distrusted.pem | 0 trust/{tests => }/input/verisign-v1.p11-kit | 0 trust/list.c | 5 +- trust/{tests => }/test-asn1.c | 0 trust/{tests => }/test-base64.c | 0 trust/{tests => }/test-builder.c | 0 trust/{tests => }/test-bundle.c | 12 +- trust/{tests => }/test-cer.c | 12 +- trust/{tests => }/test-digest.c | 0 trust/{tests => }/test-enumerate.c | 2 + trust/{tests => }/test-extract.in | 0 trust/{tests => }/test-index.c | 0 trust/{tests => }/test-module.c | 16 +- trust/{tests => }/test-oid.c | 0 trust/{tests => }/test-openssl.c | 20 +- trust/{tests => }/test-parser.c | 20 +- trust/{tests => }/test-pem.c | 0 trust/{tests => }/test-persist.c | 0 trust/{tests => }/test-save.c | 14 +- trust/{tests => }/test-token.c | 4 +- trust/{tests => }/test-trust.c | 0 trust/{tests => }/test-trust.h | 0 trust/{tests => }/test-utf8.c | 0 trust/{tests => }/test-x509.c | 0 trust/tests/Makefile.am | 122 --------- 133 files changed, 632 insertions(+), 589 deletions(-) commit 2a35a67923c26cd38839197aee51c274e5c2550e Author: Stef Walter <stef@thewalter.net> Date: 2014-08-15 common: Fix regression introduced by last commit The last commit caused dirfd() to become undefined. https://bugs.freedesktop.org/show_bug.cgi?id=82617 common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bf8dfa9f33c1aa8d76f8d1ae6cf79afb90497cd4 Author: Baruch Siach <baruch@tkos.co.il> Date: 2014-05-05 Fix build against older pthreads implementations Older pthreads implementations like glibc NPTL prior to version 2.12, and uClibc linuxthreads (both), need _XOPEN_SOURCE to expose pthread_mutexattr_settype() and THREAD_MUTEX_DEFAULT. The value 600 (SuSv3, POSIX.1-2001) is equivalent to _POSIX_C_SOURCE 200112L. Fixes the following build error: CC compat.lo compat.c: In function 'p11_mutex_init': compat.c:164:2: warning: implicit declaration of function 'pthread_mutexattr_settype' [-Wimplicit-function-declaration] compat.c:164:2: warning: nested extern declaration of 'pthread_mutexattr_settype' [-Wnested-externs] compat.c:164:36: error: 'PTHREAD_MUTEX_DEFAULT' undeclared (first use in this function) https://bugs.freedesktop.org/show_bug.cgi?id=82617 common/compat.c | 6 ++++++ 1 file changed, 6 insertions(+) commit ea10b26125eff14d5b138ceb0e55994bd38f7381 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-14 Fix 'make upload-release' target Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6333aedd27b1a9cb81ac2d0556c1a97f726bdb33 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-11 doc: Fix missing tag in p11-kit-sharing.xml doc/manual/p11-kit-sharing.xml | 1 + 1 file changed, 1 insertion(+) commit ea39cf40a881fd28f86e2625dff80fde58f2e08a Author: Stef Walter <stef@thewalter.net> Date: 2014-08-11 p11-kit: Fix various noise/issues highlighted by clang p11-kit/modules.c | 1 - p11-kit/remote.c | 3 +-- p11-kit/rpc-client.c | 4 ++-- p11-kit/rpc-server.c | 18 ++++++++++-------- 4 files changed, 13 insertions(+), 13 deletions(-) commit a7b012fcfa4fd0c1c53de3006a63a8bad4a08041 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 Ignore clang scanner litter .gitignore | 1 + 1 file changed, 1 insertion(+) commit c62ce78b8ae6961c9d1dda092781b6988488a135 Author: Stef Walter <stefw@redhat.com> Date: 2014-08-08 trust: Don't use invalid public keys for looking up stapled extensions https://bugs.freedesktop.org/show_bug.cgi?id=82328 trust/builder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1576ac9495333d0f285e0ab69f444d3ae0630859 Author: Stef Walter <stefw@redhat.com> Date: 2014-08-08 trust: Print label of certificate when complaining about basic constraints https://bugs.freedesktop.org/show_bug.cgi?id=82328 trust/builder.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit d9df354fffbbfa42aac796235cf446c63ad2eef8 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 trust: Double check that index bucket is valid before access trust/index.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3748527ed4deb980a2aa0a74893ccb4384951015 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 p11-kit: Remove use after free in debug output code path p11-kit/modules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f1d563400c9747d6c470cba7abfa9a31d92349d3 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 Quiten down scanner warnings about unused variables p11-kit/lists.c | 5 +---- trust/list.c | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) commit 26b3e98f7934bd47ab3d387124135f254bd6f8ba Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 common: Quiet down clang scanner with assertions Quieten down the clang scanner by telling it to expect that our test assertions fail common/test.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9cd9153a4d4cf78011d2a8f8c7a69aa8f3eda9f3 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 Fix mostly erroneous scanner warnings in tests common/tests/test-array.c | 1 + common/tests/test-dict.c | 3 +++ common/tests/test-tests.c | 2 ++ p11-kit/tests/test-deprecated.c | 6 +++++- p11-kit/tests/test-uri.c | 3 +++ trust/tests/frob-bc.c | 1 + trust/tests/frob-eku.c | 1 + trust/tests/frob-ext.c | 1 + trust/tests/frob-ku.c | 2 ++ trust/tests/frob-oid.c | 2 ++ trust/tests/test-token.c | 2 +- 11 files changed, 22 insertions(+), 2 deletions(-) commit eb9d1fcc8e0adc38ff494af619db37013ff17cb9 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 trust: Fix leak in token loading error path trust/token.c | 1 + 1 file changed, 1 insertion(+) commit 4750c617829b666dd1acb2a12ca61419fa12bc26 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 trust: Fix unlikely use of uninitialized memory in token loading trust/token.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a35cc9be7a34e4fd012b0fa25a7091acf044a038 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 trust: Fix leak in trust list command trust/list.c | 1 + 1 file changed, 1 insertion(+) commit cdf540cefd7e106bc4607584dfa153d847f1a2a9 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 trust: Fix use after free and double free in extract command trust/extract.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) commit 29325102bb93239313f4b2928f18a589731bd125 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 trust: Remove dead while condition in anchor commond trust/anchor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2663c834561207b947f6a8e98a7661644b6c9630 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 p11-kit: Fix integer overflow in memset() argument p11-kit/virtual.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f8c7ed390672d0749aaf0bbbad2c2af7145ebc01 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 p11-kit: Fix bad check of asprintf() return value p11-kit/p11-kit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3a21a0bc541348803f7da01ef6c5b4baf6bc221a Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 configure.ac: Add subdir-objects to satisfy newer automakes configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 92523973caae8b195c4d39b6cf872ea09d72d497 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 trust: Fix use of invalid memory in PEM parser trust/pem.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit c22e37091278ffb339c692f5c994c3393b12a254 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 trust: Parse TRUSTED CERTIFICATE openssl format even without CertAux openssl sometimes outputs TRUSTED CERTIFICATE PEM files without the additional CertAux (ie: trust fields) information. It simply leaves that block out. This happens with a command like: $ openssl x509 -in my-cert.pem -out output -trustout trust/parser.c | 32 ++++---- trust/tests/files/openssl-trust-no-trust.pem | 27 +++++++ trust/tests/test-parser.c | 105 +++++++++++++++++++++++++++ 3 files changed, 151 insertions(+), 13 deletions(-) commit 2e503dccd889a3f83951830fda18c9357377693d Author: Stef Walter <stef@thewalter.net> Date: 2014-08-08 common: Allow specifying which tests to run on command line This modifies our common unit test code so we can specify full test paths on the command line, and restrict the run tests to the ones specified. Order is not respected at this time. common/test.c | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) commit 6a8843b3c5f6d44eb280a54653388a3de316f638 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-07 Release version 0.21.1 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 3cbe204722e2d5dfa8e8756e0b57b44c67fdd2c4 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-07 po: Add new translations: oc Makefile.am | 2 +- po/LINGUAS | 1 + po/oc.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 344 insertions(+), 1 deletion(-) commit 4f2cc97a95733e9ea8f85510b0f1e5c99053ae5e Author: Stef Walter <stef@thewalter.net> Date: 2014-08-07 common: Don't do repeated linear reallocation of array memory Some mallocs (notably on Windows) have really poor behavior when called repeatedly with a linearly growing buffer. https://bugzilla.redhat.com/show_bug.cgi?id=985419 common/array.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 08a017dbae88f6e57eee387b5984d0494e62d976 Author: Stef Walter <stef@thewalter.net> Date: 2014-08-07 p11-kit: Tweak last commit, handle the not-forked case When we hadn't forked, but were just not initialized, still return CKR_CRYPTOKI_NOT_INITIALIZED from managed modules. p11-kit/modules.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit c61187f879395bb334edba39ee6dfb91f1a9e59b Author: Stef Walter <stef@thewalter.net> Date: 2014-08-07 p11-kit: Don't complain about C_Finalize called in wrong process When C_Finalize is called in the wrong process, it's often because of a caller unaware of forking. This is a painful area of PKCS#11, but at least for C_Finalize, lets not complain loudly about it. p11-kit/modules.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) commit 8e132ab21378fb5fa1f44afb38c23f44b1277f7d Author: Stef Walter <stef@thewalter.net> Date: 2014-06-24 p11-kit: Add a new 'isolate' pkcs11 config option This sets 'remote' appropriately to run the module in a separate process. https://bugs.freedesktop.org/show_bug.cgi?id=80472 doc/manual/p11-kit-sharing.xml | 4 ++++ doc/manual/pkcs11.conf.xml | 8 ++++++++ p11-kit/modules.c | 44 ++++++++++++++++++++++++++++++------------ 3 files changed, 44 insertions(+), 12 deletions(-) commit 17ea60eaf9d1b4eab9546d6dfc7e7afe83779f91 Author: Stef Walter <stef@thewalter.net> Date: 2014-06-24 p11-kit: Cleanup and add documentation for 'remote' option https://bugs.freedesktop.org/show_bug.cgi?id=54105 doc/manual/p11-kit.xml | 15 +++++++++++ doc/manual/pkcs11.conf.xml | 13 ++++++++++ p11-kit/rpc-transport.c | 57 ++++++++++++++++++++++-------------------- p11-kit/tests/test-transport.c | 2 +- 4 files changed, 59 insertions(+), 28 deletions(-) commit d4289fbe420e19882d94827bd82a667a0132fccf Author: Stef Walter <stef@thewalter.net> Date: 2014-06-24 p11-kit: Add 'p11-kit remote' command for isolating modules This adds a new tool to the p11-kit command called 'remote'. This is the server side of remoting a PKCS#11 module. doc/manual/p11-kit-sections.txt | 1 + p11-kit/Makefile.am | 2 + p11-kit/p11-kit.c | 69 +++++++++++++++++++++++++ p11-kit/{tests/frob-server.c => remote.c} | 86 ++++++++++++------------------- p11-kit/remote.h | 56 ++++++++++++++++++++ p11-kit/tests/Makefile.am | 3 -- p11-kit/tests/test-transport.c | 2 +- 7 files changed, 161 insertions(+), 58 deletions(-) commit 7ec80ff13adb167705a999b7d082c76219adc909 Author: Stef Walter <stefw@gnome.org> Date: 2013-02-20 rpc: Implement execution of another tool to transport PKCS#11 RPC p11-kit/Makefile.am | 3 +- p11-kit/modules.c | 70 +++- p11-kit/rpc-transport.c | 850 ++++++++++++++++++++++++++++++++++++++++ p11-kit/rpc.h | 36 +- p11-kit/tests/Makefile.am | 19 +- p11-kit/tests/frob-server.c | 173 ++++++++ p11-kit/tests/mock-module-ep2.c | 56 +++ p11-kit/tests/test-rpc.c | 156 +++++++- p11-kit/tests/test-transport.c | 281 +++++++++++++ 9 files changed, 1600 insertions(+), 44 deletions(-) commit 5ecfe2c8aa58a170aac2d9a9c22d7ffb3cc9442a Author: Stef Walter <stef@thewalter.net> Date: 2013-10-09 mock: Minor testing tweaks to mock testing p11-kit/tests/test-mock.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 989eab4f5886c7455242c04bf359619ac148d5ff Author: Stef Walter <stef@thewalter.net> Date: 2013-10-09 modules: Make config file and module configs overridable by tests p11-kit/modules.c | 15 +++++++++++---- p11-kit/private.h | 7 +++++++ 2 files changed, 18 insertions(+), 4 deletions(-) commit 895f0416448c297a3d06160d748cd0e94eadb366 Author: Stef Walter <stef@thewalter.net> Date: 2013-10-09 test: Move some file and directory code into general test stuff common/test.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++ common/test.h | 10 ++++++ trust/tests/test-token.c | 52 +++++++++++++++--------------- trust/tests/test-trust.c | 75 ------------------------------------------- trust/tests/test-trust.h | 28 ---------------- 5 files changed, 119 insertions(+), 129 deletions(-) commit ccc5e1569b360b54962e7f4cfaded8ab466b021d Author: Stef Walter <stefw@gnome.org> Date: 2013-02-20 Add compatibility fdwalk() function This is used when execing another process to close all open file descriptors that we don't wish to be inherited. common/compat.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ common/compat.h | 7 ++++++ configure.ac | 3 +++ 3 files changed, 83 insertions(+) commit c785ab66890ad7b73c556d6afdf2bb8a32dd50e2 Author: Stef Walter <stefw@gnome.org> Date: 2012-08-23 rpc: Implement PKCS#11 messages/client/server code * This enables passing around bytes which represent PKCS#11 RPC calls. * Caller is responsible for connecting/disconnecting and so on. * Client side caller gets a mixin from p11_rpc_client_init() to call into, which generates callbacks with byte arrays to be transported. * Server side calls p11_rpc_server_handle() with a CK_FUNCTION_LIST_PTR on which relevant methods get called. * Doesn't yet implement the actual daemon or clients etc... https://bugs.freedesktop.org/show_bug.cgi?id=54105 common/debug.c | 1 + common/debug.h | 1 + common/mock.c | 7 + common/mock.h | 3 + doc/manual/Makefile.am | 2 + p11-kit/Makefile.am | 2 + p11-kit/rpc-client.c | 2092 +++++++++++++++++++++++++++++++++++++++++++++ p11-kit/rpc-message.c | 769 +++++++++++++++++ p11-kit/rpc-message.h | 368 ++++++++ p11-kit/rpc-server.c | 1901 ++++++++++++++++++++++++++++++++++++++++ p11-kit/rpc.h | 69 ++ p11-kit/tests/Makefile.am | 1 + p11-kit/tests/test-mock.c | 10 +- p11-kit/tests/test-rpc.c | 939 ++++++++++++++++++++ 14 files changed, 6163 insertions(+), 2 deletions(-) commit 469e75bb8184392cb47b3cb4897589caabe56e70 Author: Andreas Metzler <ametzler@bebt.de> Date: 2014-01-19 Fix typo: supress - > suppress p11-kit/lists.c | 2 +- trust/anchor.c | 2 +- trust/extract.c | 2 +- trust/list.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) commit 08e4fcd2c7a9b9ea7a46bff5809a7c383f6063a9 Author: Stef Walter <stef@thewalter.net> Date: 2014-07-04 Release version 0.20.3 NEWS | 10 ++++++++++ configure.ac | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) commit 840ec0f54daeb7c3bc37e22b6ec09ea7cfede868 Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2014-07-04 Added test for non-null values in empty ID and label URI parts p11-kit/tests/test-uri.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) commit d8c064dff11af8537d1c228927c9da82cb6b60e4 Author: Stef Walter <stef@thewalter.net> Date: 2014-07-04 p11-kit: Mark p11_kit_be_quiet() and p11_kit_be_loud() stable These are useful functions for callers who want to supress all output from p11-kit library. doc/manual/p11-kit-sections.txt | 4 ++-- p11-kit/p11-kit.h | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) commit 25e8999fd11d0b2c156f3bdd8597142dedd042cb Author: Stef Walter <stef@thewalter.net> Date: 2014-07-03 p11-kit: Handle managed modules correctly when forking Correctly allow reinitialization when a process forks. We don't yet implement checks on all entry points of a managed module, but this allows callers to call C_Initialize again after forking, as outlined by the PKCS#11 v2 spec. p11-kit/modules.c | 14 ++++++++----- p11-kit/tests/test-managed.c | 47 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 5 deletions(-) commit a2bd1a8c5ba3c611899f7dfc27d553010899eeec Author: Pavel A <pavel_a at live.com> Date: 2014-07-01 common: Fixed implementation of strerror_r for WinXP ie: when streror_s is missing in msvcrt.dll https://bugs.freedesktop.org/show_bug.cgi?id=76594 common/compat.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit 6527f5d3b24a96369a24281db7593d5c4fc73408 Author: Stef Walter <stef@thewalter.net> Date: 2014-06-25 p11-kit: Fix corrupted list when initialization of modules fail This fixes the function call p11_kit_module_initialize() to correctly rearrange the modules array when initializing a module fails. Also fixes p11_kit_modules_load_and_initialize() p11-kit/modules.c | 2 ++ 1 file changed, 2 insertions(+) commit d21967cdcd18c8fcb749f874c492b7f6c4965817 Author: Milan Crha <mcrha@redhat.com> Date: 2014-06-20 Don't try to symlink p11-proxy.so on windows https://bugs.freedesktop.org/show_bug.cgi?id=76594 p11-kit/Makefile.am | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit ead043f7f29d7d724f559fc4caab17edd8206d78 Author: Stef Walter <stef@thewalter.net> Date: 2014-06-20 configure: Require automake 1.12 or later We can't use automake 1.10 as serial-tests is not supported there. configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4faa892e97e59dd6ab01b4cae3e2534663e18ba7 Author: Pavel A <pavel.aronsky@daynix.com> Date: 2014-06-20 Proposed fix for compiler warnings in common/compat.c when buliding for Windows (mingw). This issue has been reported in bug #76594 a. Moved vasprintf before asprintf b. Added prototypes for each of them Thanks, pa Signed-off-by: Pavel A <pavel.aronsky@daynix.com> common/compat.c | 42 +++++++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 19 deletions(-) commit 98292d6bbc21168b517cdfca2635d35f2b47740d Author: Stef Walter <stef@thewalter.net> Date: 2014-02-13 proxy: Fix cases where modules are unloaded while in use The proxy module would unload the PKCS#11 modules it was proxying when C_Finalize() was called. However if a caller in another thread was inside of a PKCS#11 function at the time, this would cause a crash. Change things around so that underlying modules are finalized during the proxy C_Finalize() but not released/unloaded until the proxy module itself is unloaded. https://bugs.freedesktop.org/show_bug.cgi?id=74919 p11-kit/proxy.c | 53 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 22 deletions(-) commit deca4955a6cce1dd77bbd45b9524b0f7b0825169 Author: Stef Walter <stef@thewalter.net> Date: 2014-02-13 proxy: Remove assertions when module is not initialized We should return CKR_CRYPTOKI_NOT_INITIALIZED rather than assert() when proxy PKCS#11 functions are called before the module is initialized. https://bugs.freedesktop.org/show_bug.cgi?id=74919 p11-kit/proxy.c | 2 -- 1 file changed, 2 deletions(-) commit 44beedb8c2b4e30b421b604fb1b044402a1d1ff6 Author: Pascal Terjan <pterjan@google.com> Date: 2014-02-09 Fix handling of mmap failure and mapping empty files Check the return value of mmap() correctly. Empty files cannot be mmap'd so we implement some work around code for that. https://bugs.freedesktop.org/show_bug.cgi?id=74773 Signed-off-by: Stef Walter <stef@thewalter.net> common/compat.c | 11 +++++++++-- common/tests/test-compat.c | 17 +++++++++++++++++ 2 files changed, 26 insertions(+), 2 deletions(-) commit c59a6b577b7ba1990a7dc04a894c3bc4f4671471 Author: Stef Walter <stefw@gnome.org> Date: 2014-01-29 Support running autogen.sh from srcdir != builddir autogen.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 73aab81e55a2c2d0161484de756317ad32c80ddc Author: Stef Walter <stefw@gnome.org> Date: 2014-01-29 Don't use 'aux' directory name Because Windows is really properly screwed up. https://bugs.freedesktop.org/show_bug.cgi?id=74149 build/{aux => litter}/.empty | 0 configure.ac | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) commit 43c54570e97c60457ed09ffb18ad8416b640e51d Author: Stef Walter <stef@thewalter.net> Date: 2014-01-14 Release version 0.20.2 NEWS | 7 +++++++ configure.ac | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) commit 90479889d9ee0c6f64067cb762286e6d25dca4b3 Author: Stef Walter <stef@thewalter.net> Date: 2014-01-14 distcheck: Build with optimizations so we get proper warnings Makefile.am | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 426db01ae6c793d59b055e2ff7b14eeb14a48e68 Author: Stef Walter <stef@thewalter.net> Date: 2014-01-14 test-iter: Fix use of uninitialized variable p11-kit/tests/test-iter.c | 1 + 1 file changed, 1 insertion(+) commit 99904e84d9f8f0637f66107807ac4ac9e3339e4a Author: Stef Walter <stef@thewalter.net> Date: 2014-01-14 trust: Add installcheck target for testing extract This is an integration test that the extract and blacklist functionality basics work. More integration tests should follow, at which point we should place the various generic testing bits into their own file. .gitignore | 2 + configure.ac | 1 + trust/tests/Makefile.am | 6 ++ trust/tests/test-extract.in | 189 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 198 insertions(+) commit 1f4f072346e388d7b6b6cf79b111952069c4e95c Author: Stef Walter <stef@thewalter.net> Date: 2014-01-14 Build in srcdir != builddir fashion by default Naturally this doesn't apply to tarballs .gitignore | 7 +++++++ Makefile.am | 4 ++-- autogen.sh | 3 ++- automaint.sh | 6 +++--- build/Makefile.am | 9 --------- build/certs/{Makefile.am => Makefile} | 2 +- configure.ac | 2 -- doc/manual/Makefile.am | 3 ++- 8 files changed, 17 insertions(+), 19 deletions(-) commit 9afb6eff85489614d0bc56a3a661473c25f9d892 Author: Stef Walter <stef@thewalter.net> Date: 2014-01-14 Move gtk-doc.make into build directory gtk-doc.make => build/gtk-doc.make | 0 doc/manual/Makefile.am | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) commit 635c22f4518200c7e106cdf507a4c89072f8b6ca Author: Stef Walter <stef@thewalter.net> Date: 2014-01-13 enumerate: Preload and respect blacklist across all tokens This fixes an issue where a blacklist in one token wasn't properly skipping anchors being extracted with extract-compat https://bugs.freedesktop.org/show_bug.cgi?id=73558 trust/enumerate.c | 196 ++++++++++++++++++++++++++++++++----------- trust/enumerate.h | 3 + trust/tests/test-enumerate.c | 39 ++++++++- 3 files changed, 186 insertions(+), 52 deletions(-) commit 6bc661e907f5382dbd9a76fb47a3b554c2ea0028 Author: Stef Walter <stef@thewalter.net> Date: 2014-01-13 attrs: Allow NULL attribute to be passed to p11_attr_hash() This allows simpler lookups. https://bugs.freedesktop.org/show_bug.cgi?id=73558 common/attrs.c | 12 +++++++----- common/tests/test-attrs.c | 3 +++ 2 files changed, 10 insertions(+), 5 deletions(-) commit 8d5bff64a7050e983c688bb5612bf4046fe96393 Author: Stef Walter <stef@thewalter.net> Date: 2014-01-13 enumerate: Use p11_enumerate_ready() from tests This gives a little broader testing of the enumerator https://bugs.freedesktop.org/show_bug.cgi?id=73558 trust/enumerate.c | 5 +++-- trust/tests/test-enumerate.c | 31 ++++++++++++++++++++----------- 2 files changed, 23 insertions(+), 13 deletions(-) commit f875bda849626cb5b894fe56985408ab7ee8f9a3 Author: Stef Walter <stef@thewalter.net> Date: 2014-01-13 iter: Fix return value in rare memory allocation case p11-kit/iter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bc60631d3e327fd97f53c68c5b3134e4cefad7e1 Author: Stef Walter <stef@thewalter.net> Date: 2014-01-13 iter: Add p11_kit_iter_get_attributes() function A simple wrapper for C_GetAttributeValue() p11-kit/iter.c | 35 +++++++++++++++++++++++++ p11-kit/iter.h | 4 +++ p11-kit/tests/test-iter.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 106 insertions(+) commit f864a68195a9b8fb25c529f539077691fff924a5 Author: Stef Walter <stef@thewalter.net> Date: 2014-01-08 Remove straggler file in the tools directory tools/tests/test.c | 266 ----------------------------------------------------- 1 file changed, 266 deletions(-) commit e96bc57639a8837e5900a85e282dc0d8bd487fc3 Author: Stef Walter <stef@thewalter.net> Date: 2014-01-08 Update translations from transifex po/da.po | 169 ++++++++++++++++++++++++++++++++------------------------------- 1 file changed, 85 insertions(+), 84 deletions(-) commit ae7c79d466deff4c37587f11531327c8fa5f534c Author: Stef Walter <stef@thewalter.net> Date: 2014-01-08 Fix typo in mock.c Reported-by: Tijl Coosemans <tijl@FreeBSD.org> common/mock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 157941cbd75492b0c74ff21f95de3093cf6d4aca Author: Nikos Mavrogiannopoulos <nmav@redhat.com> Date: 2013-11-26 Check if pthread and nanosleep() are in libc before linking other libs In recent versions of glibc this is true and prevents linking with pthreads when it is not necessary. Tweaked by Stef Walter Signed-off-by: Stef Walter <stef@thewalter.net> configure.ac | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) commit ec02489eca1b7b57c35db71bce5a6f7b876e535e Author: Roman Bogorodskiy <bogorodskiy@gmail.com> Date: 2013-11-08 Drop unused libtasn1.h include It's not only unsed, but also causes build fail because CFLAGS for tests does not contain LIBTASN1_CFLAGS. Signed-off-by: Stef Walter <stef@thewalter.net> https://bugs.freedesktop.org/show_bug.cgi?id=71379 common/tests/frob-getauxval.c | 2 -- 1 file changed, 2 deletions(-) commit 5ed8c3d3ede6ef30e4b5a40db1438dd6231d5088 Author: Stef Walter <stef@thewalter.net> Date: 2013-09-13 trust: Check for race in BasicConstraints stapled extension Related to the following bug: https://bugs.freedesktop.org/show_bug.cgi?id=69314 trust/tests/test-builder.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) commit beb377f7479e834366be60dc6c1da2e53278e091 Author: Andreas Metzler <ametzler@debian.org> Date: 2013-10-01 Disable tests with setgid binaries when running in fakeroot We use the FAKED_MODE environment variable as a way to detect fakeroot. common/tests/test-compat.c | 5 ++++- p11-kit/tests/test-conf.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) commit 895327695f141d5bce5e260b80b5ec01796b214a Author: Stef Walter <stefw@gnome.org> Date: 2013-09-08 Fix documentation build doc/manual/Makefile.am | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) commit b5f7f7023365c31d0d26ce91e29c801fe9bec1ed Author: Stef Walter <stef@thewalter.net> Date: 2013-09-09 Update from transifex and string changes po/LINGUAS | 36 +++++- po/ar.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/as.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/az.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/bg.po | 4 +- po/bn_IN.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ca.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ca@valencia.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/cs.po | 4 +- po/cy.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/da.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/de.po | 5 +- po/el.po | 4 +- po/en_GB.po | 4 +- po/eo.po | 4 +- po/es.po | 5 +- po/es_CL.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/eu.po | 4 +- po/fa.po | 4 +- po/fi.po | 5 +- po/fo.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/fr.po | 4 +- po/ga.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/gl.po | 5 +- po/gu.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/he.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/hi.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/hr.po | 5 +- po/hu.po | 5 +- po/ia.po | 4 +- po/id.po | 5 +- po/it.po | 5 +- po/it_IT.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ja.po | 5 +- po/ka.po | 5 +- po/kk.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/kn.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ko.po | 5 +- po/lt.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/lv.po | 5 +- po/ml.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/mr.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ms.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/nb.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/nl.po | 5 +- po/nn.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/or.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/pa.po | 4 +- po/pl.po | 5 +- po/pt.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/pt_BR.po | 5 +- po/ro.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ru.po | 4 +- po/sk.po | 4 +- po/sl.po | 5 +- po/sq.po | 4 +- po/sr.po | 5 +- po/sr@latin.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/sv.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ta.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/te.po | 4 +- po/th.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/tr.po | 4 +- po/uk.po | 5 +- po/vi.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/wa.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/zh_CN.po | 4 +- po/zh_HK.po | 4 +- po/zh_TW.po | 4 +- 69 files changed, 11068 insertions(+), 74 deletions(-) commit 247e31c94666fbeab08a5dc67b0b8f7a3edbef27 Author: Stef Walter <stef@thewalter.net> Date: 2013-09-09 Release version 0.20.1 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 88ac590d2e9786d5b364aac7a23b2b0567e87020 Author: Stef Walter <stef@thewalter.net> Date: 2013-09-09 Remove unused make variables common/tests/Makefile.am | 6 ++---- p11-kit/tests/Makefile.am | 1 - 2 files changed, 2 insertions(+), 5 deletions(-) commit 8d834060b5af54dcc9581840dfb6452a17a7a7d3 Author: Stef Walter <stef@thewalter.net> Date: 2013-09-05 extract-compat: Skip extraction if running as non-root trust/trust-extract-compat.in | 6 ++++++ 1 file changed, 6 insertions(+) commit a5713df2c05debd269615226b41e1e0b83de2ba3 Author: Stef Walter <stef@thewalter.net> Date: 2013-09-05 anchor: Run extract-compat after we've changed something When the 'trust anchor' tool changes something, run 'trust extract-compat' after that point trust/anchor.c | 44 +++++++++++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 11 deletions(-) commit 00dc2340eab9f9504ef78006686802eb8e3542ad Author: Stef Walter <stef@thewalter.net> Date: 2013-09-05 trust: More appropriate rv when non-modifiable object deleted This will change once the spec has a specific attribute and code to signify deletability. trust/anchor.c | 1 + trust/module.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) commit 3c7553a1fd47671a98a6d496ac7eeedb1b43df7c Author: Stef Walter <stef@thewalter.net> Date: 2013-09-05 anchor: Better failure messages when removing anchors trust/anchor.c | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) commit 2476ecb35e175a45ba72101ddfa38b2d048323bb Author: Stef Walter <stef@thewalter.net> Date: 2013-09-05 messages: Better message for CKR_FUNCTION_REJECTED p11-kit/messages.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 40631193e4979426f10e5244f477d3c411f8e6c3 Author: Stef Walter <stef@thewalter.net> Date: 2013-09-04 Release version 0.20.0 NEWS | 3 +++ configure.ac | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) commit 11619d1ddb682ad8f42676732e2179fdcd810566 Author: Stef Walter <stef@thewalter.net> Date: 2013-09-04 Documentation tweaks doc/manual/p11-kit-config.xml | 2 +- doc/manual/p11-kit-sections.txt | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) commit b4faa7f7e17dea909cd4393d27adbc21b2dea9fb Author: Stef Walter <stef@thewalter.net> Date: 2013-08-29 Release version 0.19.4 NEWS | 10 ++++++++++ configure.ac | 2 +- doc/manual/Makefile.am | 3 +++ trust/Makefile.am | 2 +- trust/anchor.c | 2 +- trust/extract.c | 4 ++-- 6 files changed, 18 insertions(+), 5 deletions(-) commit c980eb29619edc28610a03ccb62514683604257c Author: Stef Walter <stef@thewalter.net> Date: 2013-08-29 Route 'p11-kit extract-trust' over to trust tool The actual command is 'trust extract-compat'. Make installed placeholder script reflect this. We still support the old placeholder script if it is present. .gitignore | 1 + configure.ac | 2 +- p11-kit/p11-kit.c | 58 +++++++++++----------- trust/Makefile.am | 3 +- trust/extract.c | 38 ++++++++++++++ trust/extract.h | 3 ++ ...it-extract-trust.in => trust-extract-compat.in} | 10 ++-- trust/trust.c | 1 + 8 files changed, 81 insertions(+), 35 deletions(-) commit f2beacb7c59b9c4b41b00da993c747fd814882a8 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-29 trust: Document the new command line trust tool .gitignore | 1 + doc/manual/Makefile.am | 4 + doc/manual/p11-kit-docs.xml | 1 + doc/manual/p11-kit-trust.xml | 5 +- doc/manual/p11-kit.xml | 145 +---------------- doc/manual/trust.xml | 368 +++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 385 insertions(+), 139 deletions(-) commit 5c19a0e8f5d07a4defb3239a89c224c5f5f9eef4 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-28 trust: Add 'trust anchor --remove' command Also prevent --store from storing an anchor multiple times trust/anchor.c | 417 ++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 365 insertions(+), 52 deletions(-) commit 2e6d7d3a1e03dc2dbcd98c995bd2d6e5906680d9 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-28 trust: Add a list command to the trust tool Lists with PKCS#11 URI's and some basic fields. trust/Makefile.am | 1 + trust/list.c | 247 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ trust/list.h | 43 ++++++++++ trust/trust.c | 4 +- 4 files changed, 294 insertions(+), 1 deletion(-) commit dee46ac0c6287fbd57ec9b57ddeade27933fea05 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-28 trust: Add support for removing trust token objects trust/tests/test-token.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++++ trust/token.c | 87 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 185 insertions(+), 1 deletion(-) commit b693517966b1cbe5b81e39aeefad7b52b6f10492 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-28 trust: Refactor enumeration of certificates to extract Because we want to use this same logic for listing trust trust/Makefile.am | 2 +- trust/{extract-info.c => enumerate.c} | 228 ++++++++++++++++++----- trust/enumerate.h | 103 ++++++++++ trust/extract-cer.c | 18 +- trust/extract-jks.c | 13 +- trust/extract-openssl.c | 36 ++-- trust/extract-pem.c | 20 +- trust/extract.c | 180 ++---------------- trust/extract.h | 84 ++------- trust/tests/Makefile.am | 14 +- trust/tests/test-bundle.c | 62 +++--- trust/tests/test-cer.c | 62 +++--- trust/tests/{test-extract.c => test-enumerate.c} | 151 +++++++-------- trust/tests/test-openssl.c | 111 ++++++----- 14 files changed, 541 insertions(+), 543 deletions(-) commit 714e4a22a82295c41360fbfa6019a31b1e2a0f30 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-27 trust: Do reload object removals inside a loading block So that validation/storage logic doesn't kick in if a file was removed outside of p11-kit trust module. trust/token.c | 4 ++++ 1 file changed, 4 insertions(+) commit 570403f3421b222167196d380c60eb8430eb4cd7 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-28 trust: Add index callback for when an object is removed This allows a token to remove the file if desired trust/index.c | 25 ++++++++++++ trust/index.h | 5 +++ trust/session.c | 2 +- trust/tests/test-builder.c | 2 +- trust/tests/test-index.c | 99 ++++++++++++++++++++++++++++++++++++++++++---- trust/token.c | 1 + 6 files changed, 125 insertions(+), 9 deletions(-) commit 58466648aa84ea10c20213d4665c5c93dbf285e9 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-27 trust: Prefer parsing the persist format to PEM This is because the persist format contains PEM, and if the PEM parser gets it first, then it'll ignore the other non PEM data. trust/token.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 619e81b5ffe0677d1d511ef60b8451434c2a32a0 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-27 trust: Correctly rewrite other objects in a modifiable persist file There was a bug where we were rewriting the modified object multiple times. trust/tests/test-token.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++ trust/token.c | 2 +- 2 files changed, 75 insertions(+), 1 deletion(-) commit 8a9a90e197d67c58898e959358b9a13482732d3d Author: Stef Walter <stef@thewalter.net> Date: 2013-08-27 Add p11-kit style typedefs for iter and uri In general we're slowly migrating towards the lower case style for stuctures/objects. p11-kit/iter.h | 1 + p11-kit/uri.h | 1 + 2 files changed, 2 insertions(+) commit 1fac2b92d6c53655086a2cc3a653b8e78d92a043 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-27 iter: Add a p11_kit_iter_destroy_object() function Handy function since this is a common need. doc/manual/p11-kit-sections.txt | 1 + p11-kit/iter.c | 18 ++++++++++++++++++ p11-kit/iter.h | 1 + p11-kit/tests/test-iter.c | 40 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 60 insertions(+) commit dec3efbaf4a6550bc45d1b9926e4d66b93306802 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-27 iter: Add p11_kit_iter_set_uri() function This is so we can set a filtering uri on the iterator after construction doc/manual/p11-kit-sections.txt | 3 ++- p11-kit/iter.c | 41 ++++++++++++++++++++++++++++++++++------- p11-kit/iter.h | 3 +++ p11-kit/tests/test-iter.c | 28 ++++++++++++++++++++++++++++ 4 files changed, 67 insertions(+), 8 deletions(-) commit c15dca006ca69c26ec083a4f2d4aac76b9f30d52 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-27 iter: Add p11_kit_iter_get_token() call To get the already loaded CK_TOKEN_INFO during iteration for the token that the current object is on. doc/manual/p11-kit-sections.txt | 1 + p11-kit/iter.c | 25 +++++++++++++++++++++---- p11-kit/iter.h | 2 ++ p11-kit/tests/test-iter.c | 32 ++++++++++++++++++++++++++++++++ 4 files changed, 56 insertions(+), 4 deletions(-) commit 3f357776c15255710997e61ca305aa5a2ce5cf02 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-27 iter: Add new P11_KIT_ITER_WANT_WRITABLE iterator behavior This allows us to try to get a RW session, but if not fallback to a read-only session. doc/manual/p11-kit-sections.txt | 1 - p11-kit/iter.c | 36 ++++++++++++++---------------------- p11-kit/iter.h | 4 +--- p11-kit/tests/test-iter.c | 4 +--- 4 files changed, 16 insertions(+), 29 deletions(-) commit 22220bda09585239533b6a9fef6de51c1ddc2ae6 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-27 tool: Only include debug lines marked 'tool' when --verbose Otherwise we get all sorts of overwhelming internal debugging when someone specifies --verbose argument to a tool. common/tool.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 7f6fd42ea33e09687487e8981e02080c8a6c7b40 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-27 debug: Allow debug lines longer than 512 characters Since fprintf (stderr, ...) already doesn't print atomically, we don't lose any atomicity here. If we want to print atomically this will need some further reworking anyway. common/debug.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 095a385ead70651536d29c7ddab53f42592a3ef5 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-27 debug: Add missing 'tool' flag to debug flags common/debug.c | 1 + 1 file changed, 1 insertion(+) commit e835d0f6eae21e1b6f13b8ad585c179bbf1eb946 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-27 p11-kit: Rename list.c to lists.c to simplify debugging p11-kit/Makefile.am | 2 +- p11-kit/{list.c => lists.c} | 0 2 files changed, 1 insertion(+), 1 deletion(-) commit cdad5bceee79afbf8b3440b39c72890d2e67448d Author: Stef Walter <stef@thewalter.net> Date: 2013-08-26 Avoid multiple stat() calls for same file As a side effect we can also not use the dirent.d_type field https://bugs.freedesktop.org/show_bug.cgi?id=68525 common/compat.c | 39 ++++++++++++++++++++++++++++----------- common/compat.h | 3 +++ common/test.c | 2 +- configure.ac | 1 - p11-kit/conf.c | 35 ++++++++++++++++------------------- p11-kit/conf.h | 3 ++- p11-kit/tests/test-conf.c | 6 +++--- trust/anchor.c | 2 +- trust/parser.c | 3 ++- trust/parser.h | 1 + trust/save.c | 14 ++------------ trust/tests/frob-cert.c | 2 +- trust/tests/test-module.c | 4 ++-- trust/tests/test-parser.c | 20 ++++++++++---------- trust/tests/test-token.c | 12 +++++++----- trust/token.c | 2 +- 16 files changed, 80 insertions(+), 69 deletions(-) commit e1042e93488f2b38abeea58b65440111df69afdc Author: Stef Walter <stef@thewalter.net> Date: 2013-08-26 compat: Check return value of mmap() properly https://bugs.freedesktop.org/show_bug.cgi?id=68525 common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2978f8fb27681e9f40575ae2be26012e8a54fc71 Author: Pascal Ernster <bugs.freedesktop.org@hardfalcon.net> Date: 2013-08-16 Add --with-module-config parameter to the configure script https://bugs.freedesktop.org/show_bug.cgi?id=68122 configure.ac | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit c777194f0a8d00bcb4e1dc89beebcadf2249ddc0 Author: Stef Walter <stef@thewalter.net> Date: 2013-08-12 trust: Add test tool for creating BasicConstraints trust/tests/Makefile.am | 1 + trust/tests/frob-bc.c | 101 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 102 insertions(+) commit 4b1d38759c8cdc85b9ab9ce3a8a24a0dc28f2aa6 Author: Michael Cronenworth <mike@cchtml.com> Date: 2013-07-30 test-compat calls test_getauxval which is in a UNIX defined block MinGW builds fail due to this. https://bugs.freedesktop.org/show_bug.cgi?id=67518 common/tests/test-compat.c | 2 ++ 1 file changed, 2 insertions(+) commit cdb1a88ba117d92991298445e5db51b6e1f5ce3c Author: Alon Bar-Lev <alon.barlev@gmail.com> Date: 2013-07-27 do not assume dead code existence in autoconf checks when compiler optimize source, it removes dead code so a linkage error in these cases are not visisble. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> https://bugs.freedesktop.org/show_bug.cgi?id=67413 configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 68beea0bca786730019df002fa625986a4d65d91 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-23 Release version 0.19.3 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 2e7952e62ef205c67175e3e717526e4375ca8325 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-23 Make tests work on file systems with block size directories On certain file systems the size of the directory does not change when adding a file. This caused the tests to fail. Make the tests wait more than a second in certain tests to get the mtime to change. https://bugs.freedesktop.org/show_bug.cgi?id=65249 trust/tests/test-token.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 02a3bbd560bdb56501fea1b46c5583582832b008 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-23 Fix uninitialized variables trust/anchor.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6b457ffc260100e0e3e6b2143b00e34bb419665e Author: Stef Walter <stef@thewalter.net> Date: 2013-07-23 Don't use _GNU_SOURCE and fix strerror_r usage glibc declares strerror_r completely different if in POSIX or GNU mode. Nastiness. Stop using _GNU_SOURCE all together. common/compat.h | 10 ++++--- common/message.c | 6 +++++ common/test.c | 1 + common/tests/Makefile.am | 1 + common/tests/test-message.c | 65 +++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 4 +-- trust/token.c | 2 +- 7 files changed, 83 insertions(+), 6 deletions(-) commit b14fc0351c4dd71c5ca71df77e325d2b2a4c0583 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-23 Fix various memory leaks exposed by 'make leakcheck' common/tests/test-path.c | 90 ++++++++++++++++++++++++---------------------- p11-kit/modules.c | 2 ++ trust/asn1.c | 4 ++- trust/builder.c | 6 ++-- trust/extract-openssl.c | 1 + trust/index.c | 2 +- trust/parser.c | 1 + trust/tests/Makefile.am | 12 +++---- trust/tests/test-asn1.c | 3 +- trust/tests/test-builder.c | 4 +++ trust/token.c | 10 ++++-- 11 files changed, 79 insertions(+), 56 deletions(-) commit b7cc29a78c3c705374ff25223fe14749ddb076b9 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-23 Use simple serial automake test harness * Add a testing sanity check to see if we're catching errors * Fix a few other testing issues build/Makefile.tests | 2 +- common/test.c | 2 +- common/tests/Makefile.am | 1 + common/tests/test-compat.c | 4 +- common/tests/test-tests.c | 93 +++++++++++++++++++++++++++++++++++++++++ configure.ac | 2 +- p11-kit/conf.c | 2 +- p11-kit/tests/test-deprecated.c | 1 + p11-kit/tests/test-init.c | 1 + trust/builder.c | 2 +- trust/tests/test-builder.c | 12 ++++-- trust/token.c | 3 +- 12 files changed, 113 insertions(+), 12 deletions(-) commit 4d04cfdf2ac078cc4a95ff9a145f0045e074470b Author: Stef Walter <stef@thewalter.net> Date: 2013-07-23 Use an automake aux directory for storing litter build/aux/.empty | 1 + configure.ac | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) commit 884819d4028faa77d38a99d3f63376b2f4fdfcd4 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-18 doc: Add identifiers to doc sections so gtk-doc doesn't autogen them doc/manual/p11-kit-config.xml | 2 +- doc/manual/p11-kit.xml | 12 ++++++------ doc/manual/pkcs11.conf.xml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) commit 86060d6b17fa3848e60aaff9be7768a761c7c428 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-18 Add appropriate const qualifiers p11-kit/conf.c | 2 +- trust/extract-openssl.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 263a83278bd305eb2951907faa3fe08a79fcdeec Author: Stef Walter <stef@thewalter.net> Date: 2013-07-18 Release version 0.19.2 NEWS | 20 +++++++++++++++++++- configure.ac | 2 +- 2 files changed, 20 insertions(+), 2 deletions(-) commit d8532de9570fd7501b8b25ff10ab05392f3a1d42 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-18 Fix extract example in documentation doc/manual/p11-kit.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 91bbe5ad80a760a58d5eba48f65ddd07fa56a953 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-18 Use $XDG_CONFIG_HOME/pkcs11 as default user config directory By default this evaluates to ~/.config/pkcs11. This is a somewhat backwards incompatible change. However so far only advanced users have been exposed to the user p11-kit configuration. Distributors are able to revert this if necessary with a --with-user-config='~/.pkcs11' ./configure option. configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a1a398ae150cee642efaa03f28e8457c75185d55 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-18 Use getpwuid_r() instead of the non-thread-sofe getpwuid() common/path.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit b03be8429847451ddf25508b3dc3c520e96a2cc3 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-18 Fix p11_kit_space_strlen() result when empty string https://bugzilla.redhat.com/show_bug.cgi?id=985416 p11-kit/tests/Makefile.am | 1 + p11-kit/tests/test-util.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/util.c | 6 ++--- 3 files changed, 63 insertions(+), 3 deletions(-) commit 2a69ff5691e114362564a2ab572cd4b3b20dcc27 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-17 Always pass size_t varargs to p11_hash_xxx() functions https://bugzilla.redhat.com/show_bug.cgi?id=985421 trust/extract-jks.c | 4 ++-- trust/extract-openssl.c | 2 +- trust/x509.c | 4 +++- 3 files changed, 6 insertions(+), 4 deletions(-) commit 1548d82560b242579f5ba216b66bd59ccd0f3fd0 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-17 Don't call memdup with zero length or NULL pointer https://bugzilla.redhat.com/show_bug.cgi?id=985433 common/attrs.c | 9 +++++++-- p11-kit/pin.c | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) commit 29a5df009656dc09be781c4939cec3613a0a12cb Author: Stef Walter <stef@thewalter.net> Date: 2013-07-17 attrs: Check printf formatting in buffer_append_printf() https://bugzilla.redhat.com/show_bug.cgi?id=985497 common/attrs.c | 5 +++++ 1 file changed, 5 insertions(+) commit 9a1fe66f08149596567fedb4e2338ae786a19ab9 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-17 Avoid using the non-thread-safe strerror() function https://bugzilla.redhat.com/show_bug.cgi?id=985481 common/compat.c | 16 ++++ common/compat.h | 8 ++ common/message.c | 26 ++++++ common/message.h | 4 + common/path.c | 3 +- configure.ac | 2 +- p11-kit/conf.c | 6 +- tools/tests/test.c | 266 +++++++++++++++++++++++++++++++++++++++++++++++++++++ trust/parser.c | 2 +- trust/save.c | 47 ++++------ trust/token.c | 19 ++-- 11 files changed, 348 insertions(+), 51 deletions(-) commit e403f7b33ac35e961c72ed1b6335bbe3084e4642 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-17 Declare static variables const where it makes sense https://bugzilla.redhat.com/show_bug.cgi?id=985337 common/path.c | 8 ++++---- p11-kit/conf.c | 4 ++-- p11-kit/uri.c | 4 ++-- trust/builder.c | 38 +++++++++++++++++++------------------- trust/extract-info.c | 2 +- trust/extract-openssl.c | 2 +- trust/module.c | 4 ++-- 7 files changed, 31 insertions(+), 31 deletions(-) commit 52a84b84a924a9f1cd8090b0a47b9f7d00ca69f3 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-17 Support expanding $XDG_CONFIG_HOME in user config paths If ~/.config is specified as a prefix to a configured path, then it is expanded to the $XDG_CONFIG_HOME if that exists Add --with-user-config ./configure option to configure a different user config directory. Interpolate the right directories into documentation. .gitignore | 2 ++ common/path.c | 37 ++++++++++++++++++++++++------------- common/tests/test-path.c | 6 ++++++ configure.ac | 8 ++++++-- doc/manual/Makefile.am | 17 +++++++++++++++-- doc/manual/p11-kit-config.xml | 18 +++++++++++------- doc/manual/p11-kit-devel.xml | 10 ++++++++++ doc/manual/p11-kit-trust.xml | 10 +++++++--- doc/manual/pkcs11.conf.xml | 14 +++++++++----- doc/manual/version.xml.in | 1 - p11-kit/pkcs11.conf.example.in | 2 +- 11 files changed, 91 insertions(+), 34 deletions(-) commit 936e4c229a4ed205e9981fc4f31acea063701b69 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-17 Don't load configs from user directory when setuid When running as setuid() or setgid() don't access the user's home directory, or use $HOME environment variables. https://bugzilla.redhat.com/show_bug.cgi?id=985014 common/compat.c | 48 +++++++++++++ common/compat.h | 12 ++++ common/path.c | 5 ++ common/test.c | 99 +++++++++++++++++++++++++++ common/test.h | 9 +++ common/tests/Makefile.am | 5 +- common/tests/frob-getauxval.c | 63 +++++++++++++++++ common/tests/test-compat.c | 30 ++++++++ configure.ac | 3 + doc/manual/p11-kit-config.xml | 3 + doc/manual/pkcs11.conf.xml | 3 + p11-kit/conf.c | 5 ++ p11-kit/tests/Makefile.am | 1 + p11-kit/tests/files/system-modules/one.module | 3 +- p11-kit/tests/files/user-modules/one.module | 3 +- p11-kit/tests/frob-setuid.c | 95 +++++++++++++++++++++++++ p11-kit/tests/test-conf.c | 39 +++++++++++ 17 files changed, 423 insertions(+), 3 deletions(-) commit 81a6e16539e5e4a27c55194ae095cc4a75d08ade Author: Stef Walter <stef@thewalter.net> Date: 2013-07-17 tools: Use $TMPDIR instead of $TEMP TMPDIR is a more standard environment variable for locating the temp directory on Unix. In addition since this is only used in tests, remove the code from the generic p11_path_expand() func. In general remove the possibility for forks to put $HOME or $TEMP environment variables in configured paths. This was possible due to code in p11_path_expand() but not something we supported. https://bugzilla.redhat.com/show_bug.cgi?id=985017 common/path.c | 44 ----------------------------------- common/test.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++ common/test.h | 2 ++ common/tests/test-path.c | 31 +------------------------ trust/tests/test-bundle.c | 4 +--- trust/tests/test-cer.c | 4 +--- trust/tests/test-module.c | 4 +--- trust/tests/test-openssl.c | 4 +--- trust/tests/test-save.c | 4 +--- trust/tests/test-token.c | 9 ++------ trust/tests/test-trust.c | 6 +++++ 11 files changed, 73 insertions(+), 96 deletions(-) commit eb8f5859b1349f8147ba47a1da8032df192f2370 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-17 Fix various issues highlighted by coverity scanner Among others fix possible usage of large stack allocation. common/hash.c | 1 + common/lexer.c | 3 ++- p11-kit/iter.c | 12 ++++++------ p11-kit/p11-kit.c | 6 ++++++ p11-kit/tests/test-init.c | 3 +++ trust/extract.c | 20 ++++++++++---------- trust/index.c | 18 +++++++++--------- trust/parser.c | 2 +- trust/tests/frob-nss-trust.c | 1 + trust/tests/test-index.c | 7 ++++--- 10 files changed, 43 insertions(+), 30 deletions(-) commit ab1caffd9e09fd4d6ab92713de29436db0da6dea Author: Stef Walter <stef@thewalter.net> Date: 2013-07-16 open files with O_CLOEXEC when possible This helps prevent leaked file descriptors when the library is used in a process which exec's. opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC so we don't need to make changes there. In addition read config files using p11_mmap_open() so that we get the simple benefits of O_CLOEXEC with the open() call there. https://bugzilla.redhat.com/show_bug.cgi?id=984986 common/compat.c | 18 ++++++++-- common/compat.h | 4 +++ p11-kit/conf.c | 101 +++++++++++++++----------------------------------------- p11-kit/pin.c | 2 +- 4 files changed, 46 insertions(+), 79 deletions(-) commit 9886b39e2ebd2f711b5b0c3ca2e24694a9ffd361 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-16 buffer: Check for unlikely integer overflow If we see an integer overflow here something has gone horribly wrong (or malicious code is present). So treat this as unrecoverable, and fail if we're going to overflow. https://bugzilla.redhat.com/show_bug.cgi?id=985019 common/buffer.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 0ddd67184b65dfde0e5d05a957f01eeca161e384 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-16 Make preconditions abort unconditionally when scanning with coverity This reflects that preconditions are invalid/unreachable on a functioning system and with valid input. We do not try to recover from such conditions. In addition teach coverity about how our test suite fails See http://p11-glue.freedesktop.org/doc/p11-kit/devel-building-style.html https://bugzilla.redhat.com/show_bug.cgi?id=985005 common/debug.c | 4 ++++ common/test.c | 5 +++++ 2 files changed, 9 insertions(+) commit b2e6bc0ea2b2d2b90f6a159a23a4e676b1f302e4 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-16 iter: Document guarantees for filter matches argumet The matches argument is always initialized to CK_TRUE when a filter is called, and it's up to filters to set it to CK_FALSE. Filters don't need to set to CK_TRUE. https://bugzilla.redhat.com/show_bug.cgi?id=985009 p11-kit/iter.c | 4 ++++ 1 file changed, 4 insertions(+) commit 3f9da410144fd45ee6250dda28cae49300077e29 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-17 Fixes for some recent win32 regressions common/path.c | 21 ++++++++++++++++++--- trust/save.c | 22 ++++++++++------------ trust/token.c | 10 +++++++++- 3 files changed, 37 insertions(+), 16 deletions(-) commit 82738fe7d6143cb25fc1cb201a75b8a071043be8 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-16 Remove erroneous comments about readdir() and thread-safety https://bugzilla.redhat.com/show_bug.cgi?id=984989 p11-kit/conf.c | 1 - trust/save.c | 1 - trust/token.c | 1 - 3 files changed, 3 deletions(-) commit d00f6b24e5349d8d37868b8f4451b1dc9b38767e Author: Stef Walter <stef@thewalter.net> Date: 2013-07-10 Build with -fno-common to catch definition problems Fix some global variables not declared as extern https://bugs.freedesktop.org/show_bug.cgi?id=66015 configure.ac | 2 +- p11-kit/virtual.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit fb039d0c292c3cd339179bdc98a09d4103fb9c5f Author: Stef Walter <stef@thewalter.net> Date: 2013-07-10 Various documentation tweaks and fixes for warnings doc/manual/p11-kit-devel.xml | 2 +- doc/manual/p11-kit-sections.txt | 4 ++++ p11-kit/iter.c | 8 ++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) commit edd04b610c1c83f26ed036569ad95b89a41fc558 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-10 Add support for using freebl3 for SHA1 and MD5 hashing Since we don't want to link freebl3 to libp11-kit.so where it isn't needed, move the SHA-1 and MD5 digest functionality to the trust/ directory. common/hash.c | 502 ---------------------------------- common/hash.h | 20 -- common/tests/test-hash.c | 92 ------- configure.ac | 33 +++ doc/manual/p11-kit-devel.xml | 11 + trust/Makefile.am | 4 + trust/builder.c | 16 +- trust/digest.c | 632 +++++++++++++++++++++++++++++++++++++++++++ trust/digest.h | 60 ++++ trust/extract-jks.c | 14 +- trust/extract-openssl.c | 10 +- trust/parser.c | 4 +- trust/tests/Makefile.am | 9 +- trust/tests/test-builder.c | 6 +- trust/tests/test-digest.c | 143 ++++++++++ trust/tests/test-module.c | 10 +- trust/x509.c | 4 +- 17 files changed, 922 insertions(+), 648 deletions(-) commit eca5a6e491f5f85ba1f06afcea3177c3442ae557 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-09 trust: Fix the 'p11-kit extract' command This is supposed to call over to 'trust extract' and wasn't working correctly. p11-kit/Makefile.am | 1 + p11-kit/p11-kit.c | 22 ++++++++++++++++++++-- trust/extract.c | 2 +- 3 files changed, 22 insertions(+), 3 deletions(-) commit a314ab2aa9dbfcbc8d2d9a84554265e498520a20 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-08 trust: Fix bug with load validation failures trust/index.c | 5 +++-- trust/tests/test-index.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 2 deletions(-) commit 3c36c7a68dfefdf75f7239dd7e006e7eb1366620 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-08 trust: Add a basic 'anchor' command to store a new anchor trust/Makefile.am | 3 + trust/anchor.c | 300 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ trust/anchor.h | 43 ++++++++ trust/trust.c | 2 + 4 files changed, 348 insertions(+) commit dcca67d72544e394f43a8c62840692c85d5b5b29 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-08 trust: Fix various issues writing objects in trust token * Create directory before trying to write files to it * Handle write failures appropriately Refactor how we build and store objects in the index to handle the above cases properly. trust/builder.c | 152 +++++++++-------------------- trust/builder.h | 5 +- trust/index.c | 129 ++++++++++++++++++++++-- trust/index.h | 11 ++- trust/session.c | 2 +- trust/tests/test-builder.c | 238 ++++++++++++++++++++++++++++++++------------- trust/tests/test-index.c | 32 +++--- trust/token.c | 166 +++++++++++++++++++++---------- 8 files changed, 483 insertions(+), 252 deletions(-) commit 3318c443b7a3660f0aee80cfa0d5e915d3a21734 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-08 trust: Mark CKA_X_DISTRUSTED as a boolean attribute trust/persist.c | 1 + 1 file changed, 1 insertion(+) commit c0a2fe9c974b51e7495d0598a925c07744d895de Author: Stef Walter <stef@thewalter.net> Date: 2013-07-08 trust: Support token directory paths in user's home directory trust/module.c | 1 + trust/token.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) commit 2c4f5ed657976d868c33f0ddf430477ee2bf0191 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-08 trust: Explicitly specify which formats parser should parse trust/parser.c | 69 +++++++++++++++++++++++++++++------------------ trust/parser.h | 18 +++++++++++-- trust/tests/test-module.c | 2 ++ trust/tests/test-parser.c | 10 +++++++ trust/token.c | 2 ++ 5 files changed, 73 insertions(+), 28 deletions(-) commit 03787ae83b1911118a7a689c4817bbce1e74dabd Author: Stef Walter <stef@thewalter.net> Date: 2013-07-08 trust: Support using the parser without an asn1_cache trust/asn1.c | 11 ++++++++--- trust/parser.c | 15 +++++++++++---- trust/tests/test-parser.c | 22 ++++++++++++++++++++++ 3 files changed, 41 insertions(+), 7 deletions(-) commit 9f7c426d5a6bfb0e60895a690ed835c47e04cb4e Author: Stef Walter <stef@thewalter.net> Date: 2013-07-08 asn1: In p11_asn1_read() allocate an extra null terminator As a courtesy for callers. trust/asn1.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 09ece36663a3672dfa2db97029cfd5f5360188e8 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-08 common: Fix typo, and don't escape '6' in URL encoding common/url.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 75e2cb73df51a2688ecd2f4b4e3b490ae7b9f5a7 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-04 p11-kit: Add P11_KIT_MODULE_TRUSTED flag A new flag to pass to p11_kit_modules_load() and related functions which limits loaded modules to ones with "trust-policy: yes". p11-kit/modules.c | 48 +++++++++++++++--------- p11-kit/p11-kit.h | 1 + p11-kit/tests/files/package-modules/four.module | 3 +- p11-kit/tests/files/system-modules/one.module | 3 +- p11-kit/tests/test-modules.c | 50 +++++++++++++++++++++++++ trust/extract.c | 49 ++++++------------------ 6 files changed, 98 insertions(+), 56 deletions(-) commit 7d4941715b5afc2ef8ea18716990d28965737c70 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-04 trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec * Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec. * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the the CKA_PUBLIC_KEY_INFO isn't defined yet. * Most notably, the association between certificates and stapled extensions is by public key. * Rework some of the tests to take into account the above. build/certs/Makefile.am | 19 ++-- common/attrs.c | 1 + common/constants.c | 1 + common/pkcs11x.h | 1 + trust/builder.c | 118 +++++++++++++-------- trust/extract-info.c | 112 ++++++++++++------- trust/extract-openssl.c | 37 ++++--- trust/parser.c | 109 +++++++++++++------ trust/tests/Makefile.am | 1 + .../{cacert3-trusted-multiple.pem => multiple.pem} | 53 +++------ trust/tests/files/verisign-v1.pem | 15 +++ trust/tests/frob-eku.c | 1 + trust/tests/frob-ext.c | 118 +++++++++++++++++++++ trust/tests/test-builder.c | 59 ++++++++--- trust/tests/test-extract.c | 7 +- trust/tests/test-openssl.c | 33 ++++-- trust/tests/test-parser.c | 30 ++++-- trust/tests/test-trust.h | 62 +++++++++++ 18 files changed, 561 insertions(+), 216 deletions(-) commit 2be55821c1ffab99b91c76c43c91dd95db1c21c7 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-04 trust: Add p11_oid_hash() and various oid strings trust/oid.c | 13 +++++++++++++ trust/oid.h | 7 +++++++ trust/tests/test-oid.c | 19 ++++++++++++++----- 3 files changed, 34 insertions(+), 5 deletions(-) commit ec7c2ff2011d774217c1e35d664072d0487853c7 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-04 trust: Add p11_asn1_read() and p11_asn1_free() functions Some helpers for commonly used ASN.1 related stuff. trust/asn1.c | 38 ++++++++++++++++++++++++++++++++++++++ trust/asn1.h | 6 ++++++ trust/parser.c | 16 +++------------- trust/persist.c | 11 ++--------- trust/tests/test-asn1.c | 19 +++++++++++++++++++ trust/x509.c | 42 ++++++------------------------------------ 6 files changed, 74 insertions(+), 58 deletions(-) commit a2165fe35e336fd807af053a21a396b020f90a23 Author: Stef Walter <stef@thewalter.net> Date: 2013-07-03 trust: Initial support for writing out token objects * The objects are written out in the p11-kit persist format * Parser marks files in p11-kit persist format as modifiable trust/Makefile.am | 1 + trust/module.c | 18 ++-- trust/parser.c | 2 +- trust/tests/test-module.c | 126 +++++++++++++++++++++++++-- trust/tests/test-parser.c | 1 - trust/tests/test-token.c | 110 ++++++++++++++++++++++- trust/tests/test-trust.c | 1 - trust/token.c | 218 +++++++++++++++++++++++++++++++++++++++++----- trust/token.h | 5 +- 9 files changed, 443 insertions(+), 39 deletions(-) commit 269c4c2e82543de273fa9415dec1b9b6e00c51af Author: Stef Walter <stef@thewalter.net> Date: 2013-07-03 trust: If token path is a file, don't try loading subdirectories trust/token.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) commit 4bbb7038816d3664c92cb442e3d1ccac8f92f83c Author: Stef Walter <stef@thewalter.net> Date: 2013-07-03 trust: Correctly handle persisting OIDs with zero length trust/persist.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 6f212d25c6e03705d58137a2ffa0ccb59bf944ff Author: Stef Walter <stef@thewalter.net> Date: 2013-07-03 trust: Don't write out internal attributes when persisting trust/Makefile.am | 1 + trust/index.h | 16 +--------------- trust/persist.c | 7 +++++++ trust/types.h | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 63 insertions(+), 15 deletions(-) commit e355c6724c6fb8cd604763ad2518751056512b2b Author: Stef Walter <stef@thewalter.net> Date: 2013-07-03 trust: Add support for saving files with unique file names trust/extract-cer.c | 4 +- trust/extract-jks.c | 2 +- trust/extract-openssl.c | 52 ++++++++------ trust/extract-pem.c | 8 ++- trust/save.c | 171 +++++++++++++++++++++++++++++++++------------ trust/save.h | 6 +- trust/tests/test-openssl.c | 1 - trust/tests/test-save.c | 168 +++++++++++++++++++++++++++++++++----------- 8 files changed, 298 insertions(+), 114 deletions(-) commit 81431ffd8cbf55175b1b9a9ed130fc67d0d4000b Author: Stef Walter <stef@thewalter.net> Date: 2013-07-03 path: Add p11_path_canon() function Cleans up a filename with readable characters. common/path.c | 15 +++++++++++++++ common/path.h | 2 ++ common/tests/test-path.c | 17 +++++++++++++++++ trust/extract-info.c | 11 ++--------- 4 files changed, 36 insertions(+), 9 deletions(-) commit 1c4522e5df79bd197feab8448008fc2bf6b4ea2e Author: Stef Walter <stef@thewalter.net> Date: 2013-06-28 trust: Rename p11_index_batch() to p11_index_load() The name makes it clearer what's going on. This is only used during loading, so we can track whether a change has resulted from the trust module or from the file storage. trust/builder.c | 4 ++-- trust/index.c | 4 ++-- trust/index.h | 4 ++-- trust/tests/test-builder.c | 16 ++++++++-------- trust/tests/test-index.c | 12 ++++++------ trust/token.c | 4 ++-- 6 files changed, 22 insertions(+), 22 deletions(-) commit 17bc43cb82320f2aba4ccb804bd8599232524c6a Author: Stef Walter <stef@thewalter.net> Date: 2013-06-28 trust: Implement reloading of token data * Reload token data whenever a new session is opened. * Only reload files/directories that have changed. * Move duplicate anchor/blacklist detection logic into the extract code. This is in line with the approach being discussed on the mailing lists and spec document. * New internal attribute CKA_X_ORIGIN set on all objects so we can track where an object came from, and replace it when reloaded. In general this is a prerequisite for modification of objects reload before modify is necessary to prevent multiple callers clobbering each other's changes. trust/builder.c | 3 +- trust/extract-info.c | 86 ++++++++---- trust/index.c | 18 ++- trust/index.h | 6 + trust/module.c | 5 +- trust/parser.c | 124 +++-------------- trust/parser.h | 7 +- trust/tests/test-extract.c | 28 ++-- trust/tests/test-parser.c | 184 +++++-------------------- trust/tests/test-token.c | 255 ++++++++++++++++++++++++++++++---- trust/tests/test-trust.c | 75 ++++++++++ trust/tests/test-trust.h | 28 ++++ trust/token.c | 331 +++++++++++++++++++++++++++++++++++---------- trust/token.h | 3 + 14 files changed, 746 insertions(+), 407 deletions(-) commit 7bb9ad33da0154c9a4317f0123046eee85738349 Author: Stef Walter <stef@thewalter.net> Date: 2013-06-28 iter: Add iteration mode where session is not busy In order to use the session we are iterating on for other tasks such as other C_FindObject() calls, we need to make sure that it's not in the middle of a find operation. Finish up the complete find operation in advance of returning objects from a session. Make this the default mode. The previous behavior remains as an option. Add tests. p11-kit/iter.c | 59 +++++++++++++++-------- p11-kit/iter.h | 7 ++- p11-kit/tests/test-iter.c | 111 +++++++++++++++++++++++++++++++++---------- trust/extract-info.c | 8 ++-- trust/extract.c | 2 +- trust/tests/frob-nss-trust.c | 6 +-- trust/tests/test-bundle.c | 2 +- trust/tests/test-cer.c | 2 +- trust/tests/test-extract.c | 2 +- trust/tests/test-openssl.c | 2 +- 10 files changed, 144 insertions(+), 57 deletions(-) commit 7eabbee227f09cc4ff9e472520f03bba1e35596b Author: Stef Walter <stef@thewalter.net> Date: 2013-06-28 path: Add p11_path_prefix() function Checks if a wellformed path is identical to or a prefix of another path. common/path.c | 17 +++++++++++++++++ common/path.h | 3 +++ common/tests/test-path.c | 13 +++++++++++++ 3 files changed, 33 insertions(+) commit 1e777512e554db76ba2f1aba800ee09a9fa074f0 Author: Stef Walter <stef@thewalter.net> Date: 2013-06-26 trust: Implement validation for creating/modifying objects trust/builder.c | 277 ++++++++++++++++++++++++----- trust/tests/test-builder.c | 427 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 661 insertions(+), 43 deletions(-) commit c807b2432bb954caf89f3092b65ea61a1bc6942e Author: Stef Walter <stef@thewalter.net> Date: 2013-06-25 Fix dependency between p11-kit command and library p11-kit/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6daeaa08d0e7c7f49392cd9e419c74b6c8721811 Author: Stef Walter <stef@thewalter.net> Date: 2013-06-25 Fix running trust module tests under distcheck trust/tests/test-module.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) commit 069c52a10cc4c4c06de8a4d83ddb3755e40be7a4 Author: Stef Walter <stef@thewalter.net> Date: 2013-06-24 Reorganize various components * p11-kit library and tool in the p11-kit/ subdirectory * trust module and new trust tool in trust/ subdirectory * No more tools/ subdirectory * Lots less in the common/ subdirectory .gitignore | 2 + Makefile.am | 1 - common/Makefile.am | 31 +-- common/tests/Makefile.am | 32 +-- common/tests/test-lexer.c | 35 +-- {tools => common}/tool.c | 76 +++--- {tools => common}/tool.h | 18 +- configure.ac | 2 - doc/manual/Makefile.am | 1 - gtk-doc.make | 2 +- p11-kit/Makefile.am | 20 ++ {tools => p11-kit}/list.c | 15 +- p11-kit/p11-kit.c | 102 ++++++++ tools/Makefile.am | 53 ----- tools/tests/Makefile.am | 84 ------- tools/tests/files/cacert3.der | Bin 1885 -> 0 bytes tools/tests/files/cacert3.pem | 42 ---- tools/tests/test-tools.c | 216 ----------------- tools/tests/test-tools.h | 260 --------------------- trust/Makefile.am | 56 ++++- {common => trust}/asn1.c | 0 {common => trust}/asn1.h | 0 {common => trust}/base64.c | 0 {common => trust}/base64.h | 0 {common => trust}/basic.asn | 0 {common => trust}/basic.asn.h | 0 tools/extract-x509.c => trust/extract-cer.c | 0 {tools => trust}/extract-info.c | 0 {tools => trust}/extract-jks.c | 0 {tools => trust}/extract-openssl.c | 0 {tools => trust}/extract-pem.c | 0 {tools => trust}/extract.c | 4 +- {tools => trust}/extract.h | 3 + {common => trust}/oid.c | 0 {common => trust}/oid.h | 0 {common => trust}/openssl.asn | 0 {common => trust}/openssl.asn.h | 0 {common => trust}/pem.c | 0 {common => trust}/pem.h | 0 {common => trust}/pkix.asn | 0 {common => trust}/pkix.asn.h | 0 {tools => trust}/save.c | 0 {tools => trust}/save.h | 0 trust/tests/Makefile.am | 70 +++++- .../tests/files/cacert3-distrust-all.pem | 0 .../tests/files/cacert3-distrusted-all.pem | 0 .../tests/files/cacert3-not-trusted.pem | 0 .../tests/files/cacert3-trusted-alias.pem | 0 .../tests/files/cacert3-trusted-keyid.pem | 0 .../tests/files/cacert3-trusted-multiple.pem | 0 .../tests/files/cacert3-trusted-server-alias.pem | 0 {tools => trust}/tests/files/cacert3-twice.pem | 0 {tools => trust}/tests/files/empty-file | 0 {tools => trust}/tests/files/simple-string | 0 {common => trust}/tests/frob-cert.c | 0 {common => trust}/tests/frob-eku.c | 0 {common => trust}/tests/frob-ku.c | 0 {common => trust}/tests/frob-oid.c | 0 {common => trust}/tests/test-asn1.c | 0 {common => trust}/tests/test-base64.c | 0 .../tests/test-pem.c => trust/tests/test-bundle.c | 5 +- tools/tests/test-x509.c => trust/tests/test-cer.c | 5 +- {tools => trust}/tests/test-extract.c | 5 +- {common => trust}/tests/test-oid.c | 0 {tools => trust}/tests/test-openssl.c | 5 +- {common => trust}/tests/test-pem.c | 0 {tools => trust}/tests/test-save.c | 5 +- trust/tests/test-trust.c | 176 +++++++++++++- trust/tests/test-trust.h | 74 ++++++ {common => trust}/tests/test-utf8.c | 0 {common => trust}/tests/test-x509.c | 0 trust/trust.c | 64 +++++ {common => trust}/utf8.c | 0 {common => trust}/utf8.h | 0 {common => trust}/x509.c | 0 {common => trust}/x509.h | 0 76 files changed, 638 insertions(+), 826 deletions(-) commit 5489a1456c5a6f320bd2b3aa849f36f10d538e81 Merge: 1caa880 93f1977 Author: Stef Walter <stef@thewalter.net> Date: 2013-06-17 Merge branch 'stable' commit 1caa8801f6d888befb3515d24171bf77a172a93c Author: Stef Walter <stef@thewalter.net> Date: 2013-06-14 trust: Writable module PKCS#11 token functions Although we don't actually write anything out yet, make the various PKCS#11 functions behave properly when faced with requests to write to token objects common/test.c | 14 ++++++-- trust/module.c | 88 ++++++++++++++++++++++++++++++++++++----------- trust/session.h | 1 + trust/tests/test-module.c | 38 ++++++++++++++++---- 4 files changed, 111 insertions(+), 30 deletions(-) commit 93f197792150ae2e2e3ffafb903dfab6854915cb Author: Stef Walter <stef@thewalter.net> Date: 2013-06-17 trust: Move the extract-trust external placeholder command into trust/ .gitignore | 3 ++- configure.ac | 2 +- tools/Makefile.am | 4 ---- trust/Makefile.am | 4 ++++ {tools => trust}/p11-kit-extract-trust.in | 0 5 files changed, 7 insertions(+), 6 deletions(-) commit 41d2a28b89af41799d01d5973d026712d9174f31 Author: Stef Walter <stef@thewalter.net> Date: 2013-06-17 trust: Print out usage when extract-trust run incorrectly Also sorta covers --help and -h usage tools/p11-kit-extract-trust.in | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit e32481727387460d5900d0bbb495d3694facf64b Author: Stef Walter <stef@thewalter.net> Date: 2013-06-17 tools: Fix passing args to external commands There were various bugs passing arguments, with duplicates being passed, as well as certain arguments being skipped.t tools/tool.c | 4 ++++ 1 file changed, 4 insertions(+) commit b6e065cda1db37a6c8ed52dac3432468e1277323 Author: Stef Walter <stef@thewalter.net> Date: 2013-06-17 tools: Only use our private path when looking for external commands Instead of looking for external commands in the path, just look for them in our private directory. We want to be conservative early on, and limit what sorta things we have to maintain later. We can later remove this restriction if a real use case presents itself. tools/tool.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) commit bfe10cd0660fd81d78c8c5ce3eaa7d1f046859e1 Author: Stef Walter <stef@thewalter.net> Date: 2013-06-14 trust: Correctly reflect the CK_TOKEN_INFO writability flags Correctly set the CKF_TOKEN_WRITE_PROTECTED flag for paths which we will be able to write to. common/compat.h | 3 ++ trust/module.c | 5 +++- trust/tests/test-module.c | 57 +++++++++++++++++++++++++++++++++-- trust/tests/test-token.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++ trust/token.c | 47 +++++++++++++++++++++++++++++ trust/token.h | 2 ++ 6 files changed, 187 insertions(+), 3 deletions(-) commit 045df29606ea9853b4fc8bdba062a5e4a7a5be95 Author: Stef Walter <stef@thewalter.net> Date: 2013-06-14 path: Add p11_path_parent() function Gets the parent element of the path, removing the last component. Handles trailing and duplicate path separators correctly. common/path.c | 36 ++++++++++++++++++++++++++++++++++++ common/path.h | 2 ++ common/tests/test-path.c | 17 +++++++++++++++++ 3 files changed, 55 insertions(+) commit 8c6dd48789bdaf2a3dc800df7ed3416ddc3b7e1f Author: Stef Walter <stef@thewalter.net> Date: 2013-06-14 path: Fix expanding of paths and tests common/path.c | 16 +++++++++++----- common/tests/test-path.c | 46 ++++++++++++++++++++++++++-------------------- 2 files changed, 37 insertions(+), 25 deletions(-) commit 9e03e9950d78b58a91454b494513d1fc0872dcf2 Author: Stef Walter <stef@thewalter.net> Date: 2013-06-13 common: Abort test cases when one fails common/test.c | 2 ++ 1 file changed, 2 insertions(+) commit 125aa8b136fa950172c3946ca4768cf4750b697a Merge: f48e1a2 49e344c Author: Stef Walter <stef@thewalter.net> Date: 2013-06-05 Merge branch 'stable' commit 49e344cfa48d765ccc83a7313b1ba1c30252b84e Author: Stef Walter <stef@thewalter.net> Date: 2013-06-05 Release version 0.18.3 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit 1b61494bb10866841e52956a2b65b75259f64e3c Author: Stef Walter <stefw@gnome.org> Date: 2013-06-05 trust: Fix crash when C_Initialize args are NULL https://bugs.freedesktop.org/show_bug.cgi?id=65401 trust/module.c | 5 ++++- trust/tests/test-module.c | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) commit 3dc38f294af5bbe1939d38ec9b3fcd699f97c8ce Author: Stef Walter <stefw@gnome.org> Date: 2013-06-05 trust: Fix reinitialization of trust module Track number of C_Initialize calls, and require similar number of C_Finalize calls to finalize. This fixes leaks/disappearing sessions in the trust module. https://bugs.freedesktop.org/show_bug.cgi?id=65401 trust/module.c | 25 +++++++++++++--- trust/tests/frob-multi-init.c | 69 +++++++++++++++++++++++++++++++++++++++++++ trust/tests/test-module.c | 49 ++++++++++++++++++++++++++++++ 3 files changed, 139 insertions(+), 4 deletions(-) commit f48e1a2a496604a835d0f9230113218951a1ced2 Author: manphiz@gmail.com <manphiz@gmail.com> Date: 2013-04-24 Fix uninitialized p11_library_once https://bugs.freedesktop.org/show_bug.cgi?id=57714 common/library.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6132376b31f6d8c27fa63b219e7330f4489de6cc Author: Stef Walter <stefw@gnome.org> Date: 2013-04-05 Force Mac OS shared library extension to .so Darwin and libtool seem confused about what shared library extension they actually use. https://bugs.freedesktop.org/show_bug.cgi?id=57714 configure.ac | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit cf91dc6975424e3ba3971e4496e91036e97419e5 Author: manphiz@gmail.com <manphiz@gmail.com> Date: 2013-04-24 Fix uninitialized p11_library_once https://bugs.freedesktop.org/show_bug.cgi?id=57714 common/library.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f358242f0068b280c1478075617288095dd95adc Author: Stef Walter <stefw@gnome.org> Date: 2013-04-05 Force Mac OS shared library extension to .so Darwin and libtool seem confused about what shared library extension they actually use. https://bugs.freedesktop.org/show_bug.cgi?id=57714 configure.ac | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 96771f49dc945800ae28c77ff407753cbb995c7f Author: Stef Walter <stefw@gnome.org> Date: 2013-05-21 persist: Support for writing out p11-kit persist files trust/parser.c | 10 +- trust/persist.c | 458 +++++++++++++++++++++++++++++++++++++++------ trust/persist.h | 4 + trust/tests/test-persist.c | 203 +++++++++++++++++--- trust/tests/test-trust.c | 2 +- 5 files changed, 587 insertions(+), 90 deletions(-) commit daf63f2cf66669b3555f2f15498a0aa2db234b2f Author: Stef Walter <stefw@gnome.org> Date: 2013-05-21 constants: Tweaks and add mechanisms common/constants.c | 428 +++++++++++++++++++++--------------------- common/tests/test-constants.c | 70 +++---- 2 files changed, 245 insertions(+), 253 deletions(-) commit 56fec770071713bf800e7e9f3905973703105ec5 Author: Stef Walter <stefw@gnome.org> Date: 2013-05-21 pem: Write PEM data directly to a buffer common/pem.c | 38 +++++++++++++++++--------------------- common/pem.h | 7 +++++-- common/tests/test-pem.c | 21 ++++++++++++--------- tools/extract-openssl.c | 29 +++++++++++++++++------------ tools/extract-pem.c | 32 ++++++++++++++++++++------------ 5 files changed, 71 insertions(+), 56 deletions(-) commit cb8f2e3a04d9365121ffea0d76d8b3d47e2cc1ec Author: Stef Walter <stefw@gnome.org> Date: 2013-05-21 url: Encode directly to a buffer common/tests/test-url.c | 30 ++++++++++++++++++------------ common/url.c | 29 ++++++++++------------------- common/url.h | 5 +++-- p11-kit/uri.c | 32 +++++++++++++++++++------------- 4 files changed, 50 insertions(+), 46 deletions(-) commit 4fd057258177f4f14bbe78c2d02d5a65eaf3f3dc Author: Stef Walter <stefw@gnome.org> Date: 2013-05-27 Release version 0.19.1 NEWS | 11 +++++++++++ configure.ac | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) commit e98522ba9e92be79526eba9daee9f60aa30ad942 Author: Stef Walter <stefw@gnome.org> Date: 2013-05-21 Mark p11_kit_message() as a stable function doc/manual/p11-kit-sections.txt | 2 +- p11-kit/p11-kit.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit 61a9cfa62972678f1cbbad7f4d1a814e9b7f05e2 Author: Stef Walter <stefw@gnome.org> Date: 2013-05-21 Fix building of applications using CRYPTOKI_GNU style p11-kit/p11-kit.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 435843812ab7b85f97cfdc32ae9412f78242b950 Author: Stef Walter <stefw@gnome.org> Date: 2013-05-21 Bump the version for deprecated function documentation p11-kit/modules.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit 30830eb693ac2e89f28bb34459db6837031ca795 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-09 Fix up Makefile.am files for automake 1.13 warnings common/tests/Makefile.am | 4 ++-- p11-kit/Makefile.am | 2 +- p11-kit/tests/Makefile.am | 2 +- tools/Makefile.am | 2 +- tools/tests/Makefile.am | 2 +- trust/Makefile.am | 2 +- trust/tests/Makefile.am | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) commit dcabaf1d56d410ba7ddb3dfbab9011bbbea5e6bc Author: Stef Walter <stefw@gnome.org> Date: 2013-04-05 Our own unit testing framework * Support the TAP protocol * Much cleaner without having to carry around state * First class support for setup/teardown * Port the common tests * Wait on porting other tests until we've merged outstanding code build/Makefile.am | 8 - build/Makefile.tests | 5 +- build/cutest/CuTest.c | 329 ------- build/cutest/CuTest.h | 111 --- build/cutest/README.txt | 211 ---- build/cutest/license.txt | 38 - common/Makefile.am | 5 +- common/debug.h | 2 + common/test.c | 261 +++++ common/test.h | 131 +++ common/tests/Makefile.am | 3 +- common/tests/test-array.c | 101 +- common/tests/test-asn1.c | 53 +- common/tests/test-attrs.c | 461 +++++---- common/tests/test-base64.c | 67 +- common/tests/test-buffer.c | 113 +-- common/tests/test-compat.c | 28 +- common/tests/test-constants.c | 45 +- common/tests/test-dict.c | 250 +++-- common/tests/test-hash.c | 74 +- common/tests/test-lexer.c | 126 ++- common/tests/test-oid.c | 45 +- common/tests/test-path.c | 68 +- common/tests/test-pem.c | 76 +- common/tests/test-url.c | 93 +- common/tests/test-utf8.c | 60 +- common/tests/test-x509.c | 106 +- p11-kit/tests/Makefile.am | 14 +- p11-kit/tests/{conf-test.c => test-conf.c} | 252 +++-- p11-kit/tests/test-deprecated.c | 187 ++-- p11-kit/tests/test-init.c | 144 ++- p11-kit/tests/test-iter.c | 481 +++++----- p11-kit/tests/test-log.c | 41 +- p11-kit/tests/test-managed.c | 97 +- p11-kit/tests/test-mock.c | 1012 ++++++++++---------- p11-kit/tests/test-modules.c | 157 ++- p11-kit/tests/{pin-test.c => test-pin.c} | 104 +- p11-kit/tests/{progname-test.c => test-progname.c} | 34 +- p11-kit/tests/test-proxy.c | 75 +- p11-kit/tests/{uri-test.c => test-uri.c} | 633 ++++++------ p11-kit/tests/test-virtual.c | 70 +- tools/tests/Makefile.am | 6 +- tools/tests/test-extract.c | 221 ++--- tools/tests/test-openssl.c | 186 ++-- tools/tests/test-pem.c | 96 +- tools/tests/test-save.c | 329 +++---- tools/tests/{test.c => test-tools.c} | 65 +- tools/tests/{test.h => test-tools.h} | 34 +- tools/tests/test-x509.c | 102 +- trust/tests/Makefile.am | 5 +- trust/tests/test-builder.c | 446 +++------ trust/tests/test-index.c | 395 ++++---- trust/tests/test-module.c | 470 ++++----- trust/tests/test-parser.c | 219 ++--- trust/tests/test-persist.c | 155 ++- trust/tests/test-token.c | 93 +- trust/tests/{test-data.c => test-trust.c} | 56 +- trust/tests/{test-data.h => test-trust.h} | 40 +- 58 files changed, 3901 insertions(+), 5188 deletions(-) commit 7fd6d89d92b6f1b543bf2aa4b2e578201dad7147 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-06 Further reorganization of the core module tracking * Keep the module ownership apart from the tracking of module function pointers, since these are only relevant for unmanaged modules. * Less assumptions that each module has a raw unmanaged module function pointer. * More clarity in the naming of dictionaries tracking the modules. p11-kit/modules.c | 349 +++++++++++++++++++++++++----------------------------- 1 file changed, 161 insertions(+), 188 deletions(-) commit eb88be6c0b7ea39a74cd2aa8af33371de4aeb74c Author: Stef Walter <stefw@gnome.org> Date: 2013-04-07 Pull the argv parsing code into its own file So it can be used from multiple code paths common/Makefile.am | 1 + common/argv.c | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++++ common/argv.h | 44 ++++++++++++++++++++ trust/module.c | 78 ++---------------------------------- 4 files changed, 164 insertions(+), 74 deletions(-) commit 7b848defc704cc1fbb47a16b23727583c14b804d Author: Stef Walter <stefw@gnome.org> Date: 2013-04-06 Support /xxx/yyy as an absolute path with Win32 Because win32 code doesn't just run on windows, wine runs with unix style paths. common/path.c | 8 ++++---- common/tests/test-path.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) commit 10d26767fa39f43b0aabb82d73ed88b2c2522397 Author: Stef Walter <stefw@gnome.org> Date: 2013-05-21 Bump the version number to unstable configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b73f4ef126bdead47262e29e47d159a89984d65f Author: Stef Walter <stefw@gnome.org> Date: 2013-02-19 Add the log-calls module config option If 'log-calls = yes' is set then all the PKCS#11 modules are logged to stderr. common/attrs.c | 22 +- common/attrs.h | 9 + common/constants.c | 350 ++++++- common/constants.h | 8 + common/tests/test-constants.c | 18 +- doc/manual/Makefile.am | 1 + doc/manual/p11-kit-sharing.xml | 5 + doc/manual/pkcs11.conf.xml | 19 + p11-kit/Makefile.am | 1 + p11-kit/log.c | 2022 ++++++++++++++++++++++++++++++++++++++++ p11-kit/log.h | 53 ++ p11-kit/modules.c | 44 +- p11-kit/tests/Makefile.am | 1 + p11-kit/tests/test-log.c | 125 +++ p11-kit/tests/test-mock.c | 4 +- 15 files changed, 2646 insertions(+), 36 deletions(-) commit a14ff781ebf231daa99990fd65c2312f26db93a8 Author: Stef Walter <stefw@gnome.org> Date: 2013-02-19 Manage C_CloseAllSessions function for multiple callers Make C_CloseAllSessions work for different callers. Track the sessions that each caller opens and close just those when C_CloseAllSessiosn is called. common/mock.c | 2 +- doc/manual/p11-kit-sharing.xml | 6 ++ p11-kit/modules.c | 202 ++++++++++++++++++++++++++++++++++++++++- p11-kit/tests/test-init.c | 9 +- p11-kit/tests/test-managed.c | 64 ++++++++++++- 5 files changed, 275 insertions(+), 8 deletions(-) commit 0cb1132469c1e13be64f85cd6566e6617bfe32cc Author: Stef Walter <stefw@gnome.org> Date: 2013-02-15 Update the proxy module to use managed PKCS#11 modules Each time C_GetFunctionList is called on the proxy module, a new managed PKCS#11 set of functions is returned. These are all cleaned up when the module is unloaded. We want the proxy module to continue to work even without the highly recommended libffi. For that reason we still keep the old behavior of sharing state in the proxy module. common/mock.c | 9 - common/mock.h | 11 + doc/manual/Makefile.am | 1 + p11-kit/Makefile.am | 2 +- p11-kit/modules.c | 5 +- p11-kit/private.h | 4 - p11-kit/proxy.c | 1465 +++++++++++++++++++++++++++++++++++++------- p11-kit/proxy.h | 45 ++ p11-kit/tests/test-mock.c | 26 +- p11-kit/tests/test-proxy.c | 116 +++- p11-kit/util.c | 3 + 11 files changed, 1422 insertions(+), 265 deletions(-) commit 5c19f0cf66495f00ccf69eba1d0915f862a88c8d Author: Stef Walter <stefw@gnome.org> Date: 2013-02-06 p11-kit: Managed PKCS#11 module loading Support a new managed style module loading for PKCS#11 modules. This allows us to better coordinate between multiple callers of the same PKCS#11 modules and provide hooks into their behavior. This meant redoing the public facing API. The old methods are now deprecated, marked and documented as such. common/compat.c | 6 + common/compat.h | 4 +- common/mock.c | 63 +- common/mock.h | 6 +- doc/manual/Makefile.am | 2 + doc/manual/p11-kit-docs.xml | 2 + doc/manual/p11-kit-proxy.xml | 29 + doc/manual/p11-kit-sections.txt | 39 +- doc/manual/p11-kit-sharing.xml | 94 +- doc/manual/pkcs11.conf.xml | 24 + gtk-doc.make | 2 +- p11-kit/Makefile.am | 7 +- p11-kit/deprecated.h | 97 ++ p11-kit/docs.h | 38 + p11-kit/modules.c | 1498 ++++++++++++++++++++---- p11-kit/modules.h | 51 + p11-kit/p11-kit.h | 63 +- p11-kit/private.h | 6 - p11-kit/proxy.c | 231 ++-- p11-kit/tests/Makefile.am | 10 +- p11-kit/tests/files/system-pkcs11.conf | 5 +- p11-kit/tests/files/user-modules/one.module | 3 +- p11-kit/tests/test-deprecated.c | 521 +++++++++ p11-kit/tests/test-init.c | 176 ++- p11-kit/tests/test-iter.c | 72 +- p11-kit/tests/test-managed.c | 168 +++ p11-kit/tests/test-mock.c | 1687 +++++++++++++++++++++++++++ p11-kit/tests/test-modules.c | 124 +- p11-kit/tests/test-proxy.c | 94 ++ tools/extract.c | 15 +- tools/list.c | 16 +- tools/tests/test-extract.c | 7 +- tools/tests/test-openssl.c | 9 +- tools/tests/test-pem.c | 9 +- tools/tests/test-x509.c | 9 +- trust/tests/frob-nss-trust.c | 25 +- 36 files changed, 4660 insertions(+), 552 deletions(-) commit ff853bd7902e271256cada4a1b20a3d46b519b69 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-10 Use libffi to implement mixins for managed code * This allows us to call into subclassed PKCS#11 modules as if they were plain old PKCS#11 modules * libffi is an optional dependency configure.ac | 31 + doc/manual/Makefile.am | 5 +- doc/manual/p11-kit-devel.xml | 3 + p11-kit/Makefile.am | 7 +- p11-kit/tests/Makefile.am | 7 + p11-kit/tests/test-virtual.c | 183 +++ p11-kit/virtual.c | 2964 ++++++++++++++++++++++++++++++++++++++++++ p11-kit/virtual.h | 68 + 8 files changed, 3265 insertions(+), 3 deletions(-) commit a7af75a31010109529a9edddc825538884f326ca Author: Stef Walter <stefw@gnome.org> Date: 2013-02-14 Add subclassable CK_X_FUNCTION_LIST One of the flaws in PKCS#11 for our usage is that each PKCS#11 module is not passed the pointer to the function list, ie: the vtable Here we define a new function list vtable, where each PKCS#11 function takes the vtable itself as the first argument. We use this new list internally to represent subclassable PKCS#11 modules for various features. common/mock.c | 757 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- common/mock.h | 370 ++++++++++++++++++++++++++- common/pkcs11x.h | 438 ++++++++++++++++++++++++++++++++ 3 files changed, 1561 insertions(+), 4 deletions(-) commit 06a84bafc7c5f0ac92883e9219a7c00f456df39c Author: Stef Walter <stefw@gnome.org> Date: 2013-05-15 Fail early when running automaint.sh automaint.sh | 2 ++ 1 file changed, 2 insertions(+) commit de8b99e2f04f94313a7748adedf7535603013951 Author: Stef Walter <stefw@gnome.org> Date: 2013-05-15 Implement valgrind's hellgrind checks for threading problems And cleanup our locks/locking model. There's no need to use recursive locks, especially since we can't use them on all platforms. In addition adjust taking of locks during initialization so that there's no chance of deadlocking here. automaint.sh | 2 +- build/Makefile.decl | 5 +++++ build/Makefile.tests | 5 +++++ common/compat.c | 2 +- p11-kit/modules.c | 2 +- 5 files changed, 13 insertions(+), 3 deletions(-) commit 4bd7eda265b94dfcb9a1db4aba756e1e05dd4f87 Author: Stef Walter <stefw@gnome.org> Date: 2013-05-14 Release version 0.18.2 NEWS | 3 +++ configure.ac | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) commit c6793097e6f0d82cfca07aaeb55c7e9b742d2fdf Author: manphiz@gmail.com <manphiz@gmail.com> Date: 2013-05-09 Patch to make test-lexer depend on ASN.1 https://bugs.freedesktop.org/show_bug.cgi?id=64378 common/tests/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e72df3c2546a79f51e7c203bc5735494d45c5c26 Author: Stef Walter <stefw@redhat.com> Date: 2013-05-03 Reduce libtasn1 dependency to 2.3 * This passes all checks and is compatible configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 32e26b5c1852fd7b0261929e3a9b39c473621fd2 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-15 Release version 0.18.1 NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit d4392aef7fa3a3b2c308ad3d05c691569361ee49 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-04 doc: Use gtk-doc in the no-tmpl flavor doc/manual/Makefile.am | 6 ++++++ gtk-doc.make | 39 +++++++++------------------------------ 2 files changed, 15 insertions(+), 30 deletions(-) commit 153dc7a750a11d7940f4e4e6e718939d23ee4541 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-04 manual: Use a consistent docbook version doc/manual/p11-kit-config.xml | 5 +++-- doc/manual/p11-kit-devel.xml | 5 +++-- doc/manual/p11-kit-sharing.xml | 5 +++-- doc/manual/p11-kit-trust.xml | 5 +++-- doc/manual/p11-kit.xml | 4 ++-- doc/manual/pkcs11.conf.xml | 4 ++-- 6 files changed, 16 insertions(+), 12 deletions(-) commit 3e5916530b995bda1a5deea7ecf9c185a402d463 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-04 Put the external tools in $libdir/p11-kit These are possibly architecture specific binaries, so they should be in $libdir/p11-kit and not in $datadir/p11-kit configure.ac | 3 +++ tools/Makefile.am | 4 ++-- tools/tool.c | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) commit 941ff24161e040fca7382e3f98b0c1b51da21dac Author: Stef Walter <stefw@gnome.org> Date: 2013-04-04 Release version 0.18.0 NEWS | 8 ++++++++ configure.ac | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) commit 32b0b448d0ac4f1fa5f9143f0c4385066a9b4a76 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-04 Fix off by one in date parsing code We didn't treat the two digit year 00 as a valid year, whereas it actually represents the year 2000. This is in a non-critical code path. trust/builder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d6e0982658acb231333ebfbfb7efff8b762231d0 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-04 Don't print erroneous debug messages when skipping files The parser automatically skips over files that it cannot parse. Don't print confusing debug messages about DER parse failures when it does so. common/asn1.c | 12 ++++++------ trust/parser.c | 8 +++++--- 2 files changed, 11 insertions(+), 9 deletions(-) commit 032fbd8806333bdaf0201cfd9d7bcaac8ec75184 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-02 Update to MurmurHash3 This should also fix problems with accessing memory in a non-aligned fashion on platforms where this causes problems. https://bugs.freedesktop.org/show_bug.cgi?id=62819 common/attrs.c | 2 +- common/dict.c | 2 +- common/hash.c | 149 +++++++++++++++++++++++++---------------------- common/hash.h | 4 +- common/tests/test-hash.c | 18 +++--- 5 files changed, 91 insertions(+), 84 deletions(-) commit 8c69e467527c5ee484c9a921e9b5fd18c0c49b12 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-29 Don't respect timezones for CKA_START_DATE or CKA_END_DATE The PKCS#11 specification does not note what timezone these dates are in. In addition the time values are not represented in PKCS#11. So don't reinterpret certificate dates, other than filling in the century for dates that have a two digit year. Lastly, these are low resolution optional fields so not being all strict about timezones here is appropriate. https://bugs.freedesktop.org/show_bug.cgi?id=62825 common/asn1.c | 332 --------------------------------------------- common/asn1.h | 6 - trust/builder.c | 100 +++++++++++--- trust/tests/test-builder.c | 14 +- 4 files changed, 81 insertions(+), 371 deletions(-) commit 91aa0f9623e232fa253308c4f7464dab8902dfea Author: Stef Walter <stefw@gnome.org> Date: 2013-03-29 trust: Fix logic for matching invalid NSS serial numbers Sometimes NSS queries for trust objects using invalid serial numbers that do not have their DER decoding. We fixed this earlier, but want to make sure there are no corner cases, accidentally not matching serial numbers that happen to start with the same bytes as a DER TLV would. trust/module.c | 120 ++++++++++++++++++++++++++++------------------ trust/tests/test-module.c | 107 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 180 insertions(+), 47 deletions(-) commit a63311a0f3f2669138d09ff8f618fd4d12fa0c3d Author: Stef Walter <stefw@redhat.com> Date: 2013-04-03 More compatible path munging and handling code Centralize the path handling code, so we can remove unixy assumptions and have a chance of running on Windows. The current goal is to run all the tests on Windows. Includes some code from LRN <lrn1986@gmail.com> https://bugs.freedesktop.org/show_bug.cgi?id=63062 common/Makefile.am | 1 + common/compat.c | 34 ------ common/compat.h | 9 +- common/path.c | 258 +++++++++++++++++++++++++++++++++++++++++++++ common/path.h | 62 +++++++++++ common/tests/Makefile.am | 1 + common/tests/test-compat.c | 32 ------ common/tests/test-path.c | 202 +++++++++++++++++++++++++++++++++++ p11-kit/conf.c | 60 +---------- p11-kit/modules.c | 38 +------ tools/tests/test-openssl.c | 3 +- tools/tests/test-pem.c | 3 +- tools/tests/test-save.c | 3 +- tools/tests/test-x509.c | 3 +- tools/tool.c | 3 +- trust/module.c | 5 +- trust/parser.c | 3 +- trust/tests/test-module.c | 10 +- trust/token.c | 3 +- 19 files changed, 558 insertions(+), 175 deletions(-) commit c3f1b0a45eb1c28b6f025f8ae56c3b020801b6aa Author: Stef Walter <stefw@gnome.org> Date: 2013-04-03 Don't use free() on memory allocated by LocalFree() ihttps://bugs.freedesktop.org/show_bug.cgi?id=63046 common/library.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fcc3a83cc4d540bc2c4096524b5e8003046ba561 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-02 Separate library init from message code Put library init/uninit code its into their own statically linked library so that they don't get linked into the p11-kit executable. Refactor the message code so that the library initialization can plug in its per thread message buffer. https://bugs.freedesktop.org/show_bug.cgi?id=63046 common/Makefile.am | 15 ++--- common/lexer.c | 2 +- common/library.c | 85 +++++--------------------- common/library.h | 14 ----- common/message.c | 140 +++++++++++++++++++++++++++++++++++++++++++ common/message.h | 62 +++++++++++++++++++ common/mock.c | 2 +- common/tests/Makefile.am | 3 +- common/tests/test-base64.c | 5 +- common/tests/test-lexer.c | 3 +- common/tests/test-url.c | 5 +- p11-kit/Makefile.am | 2 +- p11-kit/conf.c | 2 +- p11-kit/modules.c | 1 + p11-kit/pin.c | 1 + p11-kit/proxy.c | 1 + p11-kit/tests/Makefile.am | 6 +- p11-kit/tests/conf-test.c | 31 +++++----- p11-kit/tests/test-iter.c | 1 + p11-kit/tests/test-modules.c | 1 + p11-kit/tests/uri-test.c | 5 +- p11-kit/uri.c | 2 +- p11-kit/util.c | 1 + tools/Makefile.am | 3 +- tools/extract-info.c | 2 +- tools/extract-jks.c | 2 +- tools/extract-openssl.c | 2 +- tools/extract-pem.c | 2 +- tools/extract-x509.c | 2 +- tools/extract.c | 2 +- tools/list.c | 2 +- tools/save.c | 2 +- tools/tests/Makefile.am | 3 +- tools/tests/test-extract.c | 3 +- tools/tests/test-openssl.c | 3 +- tools/tests/test-pem.c | 3 +- tools/tests/test-save.c | 5 +- tools/tests/test-x509.c | 3 +- tools/tool.c | 2 +- trust/Makefile.am | 2 +- trust/builder.c | 2 +- trust/module.c | 1 + trust/parser.c | 2 +- trust/session.c | 2 +- trust/tests/Makefile.am | 5 +- trust/tests/test-builder.c | 3 +- trust/tests/test-index.c | 3 +- trust/tests/test-module.c | 2 - trust/tests/test-parser.c | 3 +- trust/tests/test-persist.c | 3 +- trust/tests/test-token.c | 3 +- trust/token.c | 2 +- 52 files changed, 294 insertions(+), 170 deletions(-) commit ae7dd1be6d431f25b101bc7e2b3fa373a8cbb47b Author: Stef Walter <stefw@gnome.org> Date: 2013-04-02 Don't use library locks from p11-kit tool The global library p11_library_mutex is for libraries to use, so don't use it from any code in common/, which is also used by the p11-kit tool https://bugs.freedesktop.org/show_bug.cgi?id=63046 common/library.c | 4 ---- p11-kit/util.c | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) commit 2e8f586cd5a0c4cf2471c085e9e0e4fdcc04d996 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-03 Add new script for setting up p11-kit for a maintainer Add win32 cross build, and build out of tree .gitignore | 6 ++++++ automaint.sh | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) commit b7ccd06e1f969a6b86285360234582fe01d3aeaf Author: Stef Walter <stefw@gnome.org> Date: 2013-04-03 Fix build on Win32 Don't reference an undefined macro https://bugs.freedesktop.org/show_bug.cgi?id=63046 tools/tests/test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bd6e31c485cd84746f474a64a63c15a7ea87d650 Author: Stef Walter <stefw@gnome.org> Date: 2013-04-03 Fix documentation so it builds out of tree doc/manual/Makefile.am | 7 +- doc/manual/{p11-kit-docs.sgml => p11-kit-docs.xml} | 0 gtk-doc.make | 189 +++++++++++++-------- 3 files changed, 123 insertions(+), 73 deletions(-) commit e67c0e4465607560e0f6af9e9b0395a9ee78adbc Author: Stef Walter <stefw@gnome.org> Date: 2013-04-02 Fix build with automake 1.13 Also remove some generated files from the po/ directory. .gitignore | 5 + common/tests/Makefile.am | 4 +- p11-kit/tests/Makefile.am | 2 +- po/Makefile.in.in | 444 ---------------------------------------------- po/Rules-quot | 47 ----- tools/tests/Makefile.am | 2 +- trust/tests/Makefile.am | 2 +- 7 files changed, 10 insertions(+), 496 deletions(-) commit c3c18a1ea9cd84ee35783809c059d1b9c80c5cbe Author: Stef Walter <stefw@gnome.org> Date: 2013-03-29 Use CKA_X_CERTIFICATE_VALUE for trust assertions These don't contain the CKA_VALUE attribute for certificate data but rather the CKA_X_CERTIFICATE_VALUE attribute. https://bugs.freedesktop.org/show_bug.cgi?id=62896 trust/builder.c | 15 ++++++++++----- trust/tests/test-builder.c | 6 +++--- 2 files changed, 13 insertions(+), 8 deletions(-) commit 4560373c254473990306c13178b959ccc5d338e4 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-28 Don't complain when applications call C_Logout or C_Login Some callers erroneously call our C_Logout function, like NSS. So return appropriate error codes in these cases. https://bugs.freedesktop.org/show_bug.cgi?id=62874 trust/module.c | 32 ++++++++++++++++++++++++++++++-- trust/tests/test-module.c | 23 +++++++++++++++++++++++ 2 files changed, 53 insertions(+), 2 deletions(-) commit 10d8e6d1836701e311d2b55e116909198932915b Author: Stef Walter <stefw@gnome.org> Date: 2013-03-28 Release version 0.17.5 NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit 87a0afed5db7e916a6ad6715e14996b2e25641d7 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-27 Don't try to guess at overflowing time values on 32-bit systems Since CKA_START_DATE and CKA_END_DATE are the only places where we want to parse out times, and these are optional, just leave blank if the time overflows what libc can handle on a 32-bit system. https://bugs.freedesktop.org/show_bug.cgi?id=62825 build/certs/Makefile.am | 3 ++ build/certs/distant-end-date.der | Bin 0 -> 366 bytes common/asn1.c | 6 ++-- trust/builder.c | 5 +-- trust/tests/test-builder.c | 71 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 80 insertions(+), 5 deletions(-) commit b0e44f8e1e589726c95506da5121e95a54269fd7 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-25 Fix testing of murmur hash on bigendian systems The murmur hash produces different output depending on the architecture https://bugzilla.redhat.com/show_bug.cgi?id=927394 common/tests/test-hash.c | 60 +++++++++++++++++++----------------------------- 1 file changed, 23 insertions(+), 37 deletions(-) commit 3f74a3b32ce42cc7e38bdbf8349f976000c3af4c Author: Stef Walter <stefw@gnome.org> Date: 2013-03-20 Release 0.17.4 NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit 4b09d2b4d3958b58b020c1ae21fcd932e1eb6c37 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-20 Fix memory leaks reported by 'make leakcheck' common/mock.c | 4 +++- common/pem.c | 1 + common/tests/test-hash.c | 2 ++ common/tests/test-utf8.c | 4 ++++ common/tests/test-x509.c | 1 + p11-kit/iter.c | 3 +++ p11-kit/tests/pin-test.c | 1 - p11-kit/tests/test-iter.c | 1 + p11-kit/tests/test-modules.c | 2 ++ p11-kit/uri.c | 5 +---- tools/extract-openssl.c | 3 --- tools/tests/test-openssl.c | 7 ++++++ tools/tests/test-pem.c | 6 +++--- tools/tests/test-save.c | 2 ++ tools/tests/test-x509.c | 3 +++ trust/builder.c | 2 ++ trust/index.c | 7 +++--- trust/module.c | 5 +++-- trust/session.c | 1 + trust/tests/test-builder.c | 51 +++++++++++++++++++++++++++++++++++--------- trust/tests/test-index.c | 5 +++++ trust/tests/test-module.c | 2 ++ 22 files changed, 91 insertions(+), 27 deletions(-) commit 57d8f36a6cfbde5a9a783f11f2b75f19005c23e1 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-20 Fix invalid memory accesses reported by 'make memcheck' These are things that showed up in valgrind while running the tests. common/compat.c | 11 ++++------- common/tests/test-compat.c | 16 ++++++++++++++++ common/tests/test-hash.c | 22 +++++++++++----------- trust/index.c | 2 +- trust/tests/test-index.c | 2 ++ 5 files changed, 34 insertions(+), 19 deletions(-) commit 9cf89e4b43e5e018bb3103be1873a3993769ce4a Author: Stef Walter <stefw@gnome.org> Date: 2013-03-20 Add a bit of infrastructure for running valgrind * make memcheck: Runs basic memory checking * make leakcheck: Also runs leak checking Makefile.am | 2 ++ build/Makefile.am | 4 ++++ build/Makefile.decl | 11 +++++++++++ build/Makefile.tests | 11 +++++++++++ common/Makefile.am | 3 ++- common/tests/Makefile.am | 2 -- doc/Makefile.am | 4 ++++ doc/manual/p11-kit-devel.xml | 4 ++++ p11-kit/Makefile.am | 3 ++- tools/Makefile.am | 3 ++- tools/tests/Makefile.am | 4 ++-- trust/Makefile.am | 3 ++- trust/tests/Makefile.am | 2 -- 13 files changed, 46 insertions(+), 10 deletions(-) commit 0ecabc858dd6c1c2055f53202a01251e2ad7d2c2 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-20 trust: Predictable behavior with duplicate certificates in token If duplicate certificates are present in a token, we warn about this, and don't really recommend it. However we have predictable behavior where blacklist is prefered to anchor is preferred to unknown trust. https://bugs.freedesktop.org/show_bug.cgi?id=62548 trust/parser.c | 94 +++++++++++++++++++++++++++++++++- trust/tests/test-parser.c | 127 ++++++++++++++++++++++++++++++++++++++++++++++ trust/token.c | 19 ++----- 3 files changed, 224 insertions(+), 16 deletions(-) commit e075585ef1cffc988894b4efbf3d14d5e55dcdcc Author: Stef Walter <stefw@gnome.org> Date: 2013-03-20 trust: Rework index to be faster and more usable The index now uses a sort of cross between a hash table and a bloom filter internally to select matching items. This is needed for the massive amount of lookups we want to do during loading. In addition make p11_index_find() and p11_index_replace() easier to use. trust/builder.c | 14 +- trust/index.c | 439 ++++++++++++++++++++++++++++++++------------- trust/index.h | 15 +- trust/tests/Makefile.am | 3 +- trust/tests/frob-pow.c | 57 ++++++ trust/tests/test-builder.c | 44 ++--- trust/tests/test-index.c | 36 ++-- trust/tests/test-parser.c | 6 +- trust/tests/test-token.c | 2 +- 9 files changed, 437 insertions(+), 179 deletions(-) commit fc562261c6bbb35dfed585a78fdec9a408b981c7 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-20 attrs: Print out the CKA_VALUE for certificates when debugging While it's true that we shouldn't be pritning out CKA_VALUE in certain cases, like for keys, we obviously can do so for certificates. We don't have keys anyway, but in the interest of being general purpose use the class to determine whether CKA_VALUE can be printed common/attrs.c | 49 ++++++++++++++++++++++++++++++++++++++--------- common/attrs.h | 14 ++++++++++---- common/tests/test-attrs.c | 2 +- trust/tests/test-data.c | 15 ++++++++++----- trust/tests/test-data.h | 3 ++- 5 files changed, 63 insertions(+), 20 deletions(-) commit f45942a4fc3e1c5219e9b5201b82203337ee7280 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-20 hash: Add the murmur2 hash and start using it Add implementation of the murmur2 hash function, and start using it for our dictionaries. Our implementation is incremental like our other hash functions. Also remove p11_oid_hash() which wasn't being used. In addition fix several tests whose success was based on the way that the dictionary hashed. This was a hidden testing bug. build/certs/Makefile.am | 6 +- common/attrs.c | 11 +- common/dict.c | 11 +- common/hash.c | 126 +++++++++++++++++++++ common/hash.h | 7 ++ common/oid.c | 17 --- common/oid.h | 2 - common/tests/test-hash.c | 71 ++++++++++++ tools/tests/files/cacert3-trusted-multiple.pem | 4 +- ...-alias.pem => cacert3-trusted-server-alias.pem} | 4 +- tools/tests/test-openssl.c | 14 +-- tools/tests/test.h | 5 +- trust/tests/files/cacert3-trusted.pem | 4 +- trust/tests/test-parser.c | 3 +- 14 files changed, 234 insertions(+), 51 deletions(-) commit 1dc227b4fce16fcc721276925492f4ba4db00b4f Author: Stef Walter <stefw@gnome.org> Date: 2013-03-20 hash: Rename file and functions for hashes We're going to be adding other hashes. Also build as part of a different common library. common/Makefile.am | 2 +- common/{checksum.c => hash.c} | 22 ++++++++++----------- common/{checksum.h => hash.h} | 26 ++++++++++++------------- common/tests/Makefile.am | 2 +- common/tests/{test-checksum.c => test-hash.c} | 28 +++++++++++++-------------- common/x509.c | 4 ++-- tools/extract-jks.c | 14 +++++++------- tools/extract-openssl.c | 10 +++++----- trust/builder.c | 16 +++++++-------- trust/parser.c | 4 ++-- trust/tests/test-builder.c | 6 +++--- trust/tests/test-module.c | 10 +++++----- 12 files changed, 72 insertions(+), 72 deletions(-) commit ef8c54a355d3f9814cc53a0aad72d61247b169a0 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-19 Release version 0.17.3 NEWS | 7 +++++++ configure.ac | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) commit 80303340701c2cba78937193084f3d716b883b55 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-19 trust: Use descriptive labels for tokens Try to determine which one is the system trust input token, and which one is the default token by using datadir and sysconfdir respectively. https://bugs.freedesktop.org/show_bug.cgi?id=62534 trust/Makefile.am | 2 ++ trust/module.c | 63 +++++++++++++++++++++++++++++++++++++---------- trust/tests/Makefile.am | 2 ++ trust/tests/frob-token.c | 2 +- trust/tests/test-module.c | 30 +++++++++++++++------- trust/tests/test-token.c | 13 +++++++++- trust/token.c | 22 +++++++++++++++-- trust/token.h | 5 +++- 8 files changed, 112 insertions(+), 27 deletions(-) commit 832015f1fd91a9e94478514d7fe9b21e050f121a Author: Stef Walter <stefw@gnome.org> Date: 2013-03-19 trust: Remove the temporary built in distrust objects These should now be loaded from the .p11-kit persist format. trust/token.c | 148 ---------------------------------------------------------- 1 file changed, 148 deletions(-) commit b6295dd63a8028ae0b239859406c477d779f4d5e Author: Stef Walter <stefw@gnome.org> Date: 2013-03-19 extract: Make extracted output directories read-only This is not a security feature or anything like that, but a hint that the files are managed by the extract tool and should not be modified manually. tools/save.c | 60 ++++++++++++++++++++++++++++++++++++------------- tools/tests/test-save.c | 25 +++++++++------------ tools/tests/test.c | 8 +++++-- 3 files changed, 61 insertions(+), 32 deletions(-) commit 7c27e9fbbe86b3268065f248eab2d6964983a715 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-19 trust: Don't use POSIX or GNU basename() Both are nasty. Do our own, and test it a bit https://bugs.freedesktop.org/show_bug.cgi?id=62479 common/compat.c | 44 +++++++++++++--------- common/compat.h | 17 ++++++--- common/tests/Makefile.am | 1 + common/tests/test-compat.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++ trust/module.c | 5 ++- trust/parser.c | 4 +- 6 files changed, 137 insertions(+), 27 deletions(-) commit 535475c238c427cb685b4282997f7bce0876bfdf Author: Andreas Metzler <ametzler@downhill.at.eu.org> Date: 2013-03-19 Do not export (de)constructor Rename p11_kit_init and p11_kit_fini to _p11_kit_init and _p11_kit_fini respectively to stop them from being exported in the ABI. It does not seem to be necessary. p11-kit/util.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 1d60d5a6b8c5784b7ac10098c3d9b513094f49a8 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-18 Release version 0.17.2 NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit 4ad4d5742037f156e07a4e28b202e49984e27a89 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-18 trust: Fix trust tests on 32-bit builds trust/tests/test-persist.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ba67d1214f6d9254546997ceec310fce2f675679 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-18 trust: Fix invalid varargs call in the builder trust/builder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit caaeaffb86c572f996bec31f67443da2219def84 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-18 Release version 0.17.1 * Fix distcheck bugs surrounding the strndup() workaround NEWS | 16 ++++++++++++++++ common/compat.c | 22 +++++++++++++++++++++- configure.ac | 9 ++------- 3 files changed, 39 insertions(+), 8 deletions(-) commit 6c47831b3bfc66e1e995fb27e80c23085bb41e08 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-18 trust: Provide better debugging of trust module functions Make C_FindObjects() and C_GetAttributeValue() functions dump the attributes that they're dealing with when in debug mode. trust/module.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) commit 128239732a5b7e184d5d9c505402630ee9215080 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-18 attrs: Change p11_attrs_to_string() to allow static templates Allow passing the number of attributes to print, which lets us use this directly on templates passed in by callers of the PKCS#11 API. common/attrs.c | 13 ++++++++----- common/attrs.h | 3 ++- common/tests/test-attrs.c | 6 +++++- trust/tests/frob-nss-trust.c | 2 +- 4 files changed, 16 insertions(+), 8 deletions(-) commit 1ad9f98b11f3f0d411bf9517f1dc8985ea3dbe2a Author: Stef Walter <stefw@gnome.org> Date: 2013-03-18 trust: Handle incorrectly encoded CKA_SERIAL_NUMBER lookups Handle lookups for trust objects (by NSS) which expect CKA_SERIAL_NUMBER attributes without appropriate DER encoding. In addition allow creation of NSS trust objects as PKCS#11 session objects, so that we can test this behavior. trust/builder.c | 2 +- trust/module.c | 47 +++++++++++++++++++++++++++++++++ trust/tests/test-module.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 114 insertions(+), 1 deletion(-) commit f40e5f7129ece4b74aa2cb23b28b24b381bbe223 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-18 Add workaround for broken strndup() in firefox Unconditionally use our own strndup() until this issue is resolved and in the stable versions of various distros. See: https://bugzilla.mozilla.org/show_bug.cgi?id=826171 configure.ac | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 749c0cdfeb3b7cc86165deb1cc51c32c0768a149 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-18 compat: Fix trivial comment common/compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 64aa734f484f81ac97914b2ddecf68ff76b317c0 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-18 Use the nickname x-distrusted for CKA_X_DISTRUSTED This is a non-standard PKCS#11 attribute, so has the X prefix like the other ones we've added. common/constants.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6c574777f6ab5996a9ba3bea493e96e4ad53dc69 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-18 trust: Better generation of nss objects and assertions for serial+issuer In many cases certficates are distrusted by serial+issuer. Make sure this works, and fix various cases where we weren't generating compat NSS objects and compat trust assertions for these types of input. trust/builder.c | 267 ++++++++++++++++++++++------------------ trust/index.c | 3 +- trust/tests/test-builder.c | 296 ++++++++++++++++++++++++++++----------------- 3 files changed, 341 insertions(+), 225 deletions(-) commit a904e98b78b55e7a6213356225e45a04fdc457e1 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-18 Refine looking up of attributes in arrays There was a class of bugs for looking up invalid or empty attributes in the internal PKCS#11 attribute arrays. * Refine what p11_attrs_find_valid() treats as valid * Rename p11_attrs_is_empty() to p11_attrs_terminator() for clarity common/attrs.c | 62 ++++++++++++------------------ common/attrs.h | 11 ++---- common/mock.c | 44 +++++++-------------- common/tests/test-attrs.c | 54 ++++++++++++++++++++++++-- tools/extract-info.c | 21 +++------- tools/extract-jks.c | 2 +- tools/extract-openssl.c | 8 ++-- tools/tests/test-extract.c | 7 ++-- trust/builder.c | 96 +++++++++++++++++++++------------------------- trust/index.c | 2 +- trust/parser.c | 8 ++-- trust/tests/test-data.c | 2 +- trust/tests/test-module.c | 4 +- 13 files changed, 158 insertions(+), 163 deletions(-) commit f71baf6adf00626e73326149d55183bc62f827ae Author: Stef Walter <stefw@gnome.org> Date: 2013-03-17 trust: Remove file that's no longer used trust/mozilla.c | 301 -------------------------------------------------------- 1 file changed, 301 deletions(-) commit d5b9e3915d75c04c547a0db7fe0c92839a0e78a5 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-15 Bump version number configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 062c09fbcad6945d6c40c5f2ce47894abdf87b07 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-15 Fix distcheck and documentation common/tests/test-dict.c | 16 ++++++++-------- doc/manual/p11-kit-devel.xml | 15 +++++---------- trust/tests/Makefile.am | 3 +-- trust/tests/test-module.c | 7 +++++-- 4 files changed, 19 insertions(+), 22 deletions(-) commit 57e835d55f6eae39c25b97e35efe0cb58e46b897 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-15 trust: Update frob-nss-tool so it can compare modules for trust info Can run with two modules now so that it can compare tokens NSS trust info. common/attrs.c | 23 ++++++ common/attrs.h | 2 + trust/tests/frob-nss-trust.c | 174 ++++++++++++++++++++++++++++++++++--------- 3 files changed, 164 insertions(+), 35 deletions(-) commit 7fd74a78fcad81227be3650239669bca5851a1db Author: Stef Walter <stefw@gnome.org> Date: 2013-03-15 trust: Support a p11-kit specific serialization format This is documented in doc/internals/ subdirectory Add tests for the format as well. https://bugs.freedesktop.org/show_bug.cgi?id=62156 common/Makefile.am | 2 + common/basic.asn | 12 + common/basic.asn.h | 13 + doc/internal/persist-format.txt | 54 ++++ trust/Makefile.am | 1 + trust/parser.c | 35 +++ trust/persist.c | 401 +++++++++++++++++++++++++++++ trust/persist.h | 59 +++++ trust/tests/Makefile.am | 1 + trust/tests/input/verisign-v1.p11-kit | 17 ++ trust/tests/test-builder.c | 39 --- trust/tests/test-data.h | 39 +++ trust/tests/test-module.c | 2 +- trust/tests/test-parser.c | 32 +++ trust/tests/test-persist.c | 472 ++++++++++++++++++++++++++++++++++ trust/tests/test-token.c | 2 +- 16 files changed, 1140 insertions(+), 41 deletions(-) commit 48004b92d4c65080ac71f6a48297abd4d83dfdcb Author: Stef Walter <stefw@gnome.org> Date: 2013-03-11 url: Split out the URL encoding and decoding functions We want to use these as the format for encoding binary data in our PKCS#11 attribute persistence https://bugs.freedesktop.org/show_bug.cgi?id=62156 common/Makefile.am | 1 + common/tests/Makefile.am | 1 + common/tests/test-url.c | 166 +++++++++++++++++++++++++++++++++++++++++++++++ common/url.c | 142 ++++++++++++++++++++++++++++++++++++++++ common/url.h | 59 +++++++++++++++++ p11-kit/uri.c | 120 ++++------------------------------ 6 files changed, 381 insertions(+), 108 deletions(-) commit 06bf3da80eb780621e0f1eb0ab8d4716ed7b3478 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-11 lexer: Make a lexer for our config file format This lexer will be used in our PKCS#11 persistence format as well. https://bugs.freedesktop.org/show_bug.cgi?id=62156 common/Makefile.am | 1 + common/lexer.c | 238 +++++++++++++++++++++++++++++++++++++++ common/lexer.h | 84 ++++++++++++++ common/tests/Makefile.am | 1 + common/tests/test-lexer.c | 281 ++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/conf.c | 131 +++++++-------------- 6 files changed, 644 insertions(+), 92 deletions(-) commit 29af2c1eeca2fb0257e1172753b129d638472f0f Author: Stef Walter <stefw@gnome.org> Date: 2013-03-15 trust: Use a SHA-1 hash of subjectPublicKeyInfo as CKA_ID by default This is what's recommended by the spec, and allows stapled extensions to hang off a predictable CKA_ID. https://bugs.freedesktop.org/show_bug.cgi?id=62329 common/x509.c | 22 +++++++++++++++++ common/x509.h | 5 ++++ trust/builder.c | 20 +++++++++++----- trust/parser.c | 48 +++++++++++++++++--------------------- trust/tests/files/verisign-v1.der | Bin 0 -> 576 bytes trust/tests/test-builder.c | 18 +++++++++++++- trust/tests/test-module.c | 10 ++++---- trust/tests/test-parser.c | 31 ++++++++++++++++++++++++ 8 files changed, 115 insertions(+), 39 deletions(-) commit 2d75eb32793a569dc3de359bb623713c80393d24 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-14 trust: Add a builder which builds objects out of parsed data The builder completes the objects from the parsed data and takes over the responsibilities that the parser and adapter previously shared. This is necessary to prepare for arbitrary data coming from the p11-kit specific input files. https://bugs.freedesktop.org/show_bug.cgi?id=62329 build/certs/entrust-invalid.der | Bin 0 -> 1120 bytes build/certs/verisign-v1.der | Bin 0 -> 576 bytes trust/Makefile.am | 2 +- trust/adapter.c | 472 ------------ trust/builder.c | 1556 +++++++++++++++++++++++++++++++++++++ trust/{adapter.h => builder.h} | 36 +- trust/parser.c | 836 +++++--------------- trust/parser.h | 45 +- trust/session.c | 7 +- trust/session.h | 2 + trust/tests/Makefile.am | 1 + trust/tests/test-builder.c | 1611 +++++++++++++++++++++++++++++++++++++++ trust/tests/test-data.c | 2 - trust/tests/test-module.c | 28 +- trust/tests/test-parser.c | 666 +++------------- trust/tests/test-token.c | 58 +- trust/token.c | 21 +- 17 files changed, 3593 insertions(+), 1750 deletions(-) commit d7d68de6c9de9190c85da36b731e61ae3421a811 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-14 attrs: Add info functions for constant names and values * For retrieving the name and/or nick of constants * The nick is what we'll use in the file format https://bugs.freedesktop.org/show_bug.cgi?id=62329 common/Makefile.am | 1 + common/attrs.c | 242 ++-------------------------- common/constants.c | 363 ++++++++++++++++++++++++++++++++++++++++++ common/constants.h | 74 +++++++++ common/tests/Makefile.am | 1 + common/tests/test-constants.c | 117 ++++++++++++++ 6 files changed, 566 insertions(+), 232 deletions(-) commit ff009f8a671e6ddd02a684bb1707a2a797fe4600 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-12 trust: Refactor to include concept of the index * The index holds PKCS#11 objects whether for the token or for the session. * The index provides hook for a builder to expand or validate objects being added to the index. * In addition theres a change hook so that a builder can maintain state between objects, such as the compat NSS trust objects. https://bugs.freedesktop.org/show_bug.cgi?id=62329 trust/Makefile.am | 1 + trust/index.c | 566 +++++++++++++++++++++++ trust/index.h | 126 ++++++ trust/module.c | 111 ++--- trust/session.c | 121 +---- trust/session.h | 19 +- trust/tests/Makefile.am | 2 +- trust/tests/frob-token.c | 6 +- trust/tests/test-index.c | 1063 ++++++++++++++++++++++++++++++++++++++++++++ trust/tests/test-module.c | 238 ++++++++++ trust/tests/test-session.c | 161 ------- trust/tests/test-token.c | 32 +- trust/token.c | 32 +- trust/token.h | 3 +- 14 files changed, 2097 insertions(+), 384 deletions(-) commit 3fc6365093ad07b2eb5ef859093c5c5eb56ee700 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-14 attrs: New p11_attrs_merge() function This takes one set of attributes and merges them into another, without copying memory needlessly. https://bugs.freedesktop.org/show_bug.cgi?id=62329 common/attrs.c | 52 ++++++++++++++++++++--- common/attrs.h | 4 ++ common/tests/test-attrs.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 153 insertions(+), 6 deletions(-) commit 5208fc8539aabc626c1699f181e1191d6bb1c787 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-14 asn1: Implement a parsed ASN.1 tree cache In order to unmarry the parser from the future builder, but still retain efficiency, we need to be able to cache parsed ASN.1 trees. The ASN.1 cache provides this. In addition it carries around the loaded ASN.1 definitions. https://bugs.freedesktop.org/show_bug.cgi?id=62329 common/asn1.c | 110 +++++++++++++++++++++++++++++++++++++++++++++++ common/asn1.h | 21 +++++++++ common/tests/test-asn1.c | 46 ++++++++++++++++++++ 3 files changed, 177 insertions(+) commit 07a53cecc3220b3811f9db7514e49235fff32b94 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-15 extract: Combine trust policy when extracting * Collapse multiple identical certificates coming from different tokens. Note that if a certificate should not be placed multiple times on a token. We cannot know which one to respect. * Add a new extract filter: --trust-policy This extracts all anchor and blacklist information https://bugs.freedesktop.org/show_bug.cgi?id=61497 doc/manual/p11-kit.xml | 19 ++++- tools/extract-info.c | 80 ++++++++++++++++++++- tools/extract.c | 82 ++++++++++++++-------- tools/extract.h | 4 ++ tools/tests/test-extract.c | 171 +++++++++++++++++++++++++++++++++++++++++++-- 5 files changed, 313 insertions(+), 43 deletions(-) commit 7fc0ecd1ca7840e71958e62163b27d645c936c25 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-15 extract: --comment option adds comments to PEM bundles * Placed before the certificate, simple one liner * No need to put comments in PEM files extracted into directories, as the file names are already descriptive. https://bugs.freedesktop.org/show_bug.cgi?id=62029 doc/manual/p11-kit.xml | 5 +++++ tools/extract-info.c | 20 ++++++++++++++++++++ tools/extract-openssl.c | 11 ++++++++++- tools/extract-pem.c | 11 +++++++++-- tools/extract.c | 6 ++++++ tools/extract.h | 8 ++++++++ tools/tests/test-extract.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 103 insertions(+), 3 deletions(-) commit 58e1e3764250fbda96c5ef7244e891a6be04d4cb Author: Stef Walter <stefw@gnome.org> Date: 2013-03-15 extract: Allow p11_save_write() to automatically calculate length Also if automatically calculating length, then ignore input that is NULL, as something that shouldn't be written out. This allows easier chaining of optional output, such as comments. https://bugs.freedesktop.org/show_bug.cgi?id=62029 tools/save.c | 11 +++++++-- tools/save.h | 4 ++-- tools/tests/files/empty-file | 0 tools/tests/files/simple-string | 1 + tools/tests/test-save.c | 50 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 62 insertions(+), 4 deletions(-) commit 8fd55c8089c90b52f00e4ffad572d1b9da72e6ba Author: Stef Walter <stefw@gnome.org> Date: 2013-03-07 p11-kit: New priority option and change trust-policy option * Sort loaded modules appropriately using the 'priority' option. This allows us to have a predictable order for callers, when callers iterate through modules. * Modules default to having an 'priority' option of '0'. * If modules have the same order value, then sort by name. * The above assumes the role of ordering trust-policy sources. * Change the trust-policy option to a boolean * Some of this code will be rearranged when the managed branch is merged. https://bugs.freedesktop.org/show_bug.cgi?id=61978 doc/manual/p11-kit-trust.xml | 5 ++- doc/manual/pkcs11.conf.xml | 20 ++++++--- p11-kit/modules.c | 47 ++++++++++++++++++++++ p11-kit/tests/files/package-modules/four.module | 1 + .../tests/files/package-modules/win32/four.module | 1 + .../files/system-modules/two-duplicate.module | 1 + p11-kit/tests/files/system-modules/two.badname | 1 + .../tests/files/system-modules/win32/one.module | 3 +- .../system-modules/win32/two-duplicate.module | 1 + .../tests/files/system-modules/win32/two.badname | 1 + p11-kit/tests/files/user-modules/three.module | 3 +- .../tests/files/user-modules/win32/three.module | 3 +- p11-kit/tests/test-modules.c | 42 +++++++++++++++++++ tools/extract.c | 47 +++------------------- trust/p11-kit-trust.module | 14 +++++-- 15 files changed, 136 insertions(+), 54 deletions(-) commit 0e75a5ba8261955d4d75a38a528f79ff4edd5c21 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-06 trust: Make each configured path its own token * Each source directory or file configured into the module or passed in as an initialization argument becomes its own token. Previously there was one token that contained certificates from all the configured paths. * These tokens are clearly labeled in the token info as to the directory or file that they represent. * Update PKCS#11 module logic to deal with multiple tokens, validate the slot ids and so on. * The order in which the paths are configured will become the order of trust priority. This is the same order in which they are listed through 'p11-kit list-modules' and C_GetSlotList. * Update the frob-token internal tool to only play with one path * Adjust tests where necessary to reflect the new state of things and add tests for modified trust module code https://bugs.freedesktop.org/show_bug.cgi?id=61499 trust/module.c | 202 +++++++++++++++++++++++--------- trust/tests/frob-token.c | 4 +- trust/tests/test-module.c | 283 +++++++++++++++++++++++++++++++++++++++------ trust/tests/test-session.c | 2 +- trust/tests/test-token.c | 33 +++++- trust/token.c | 64 ++++------ trust/token.h | 8 +- 7 files changed, 460 insertions(+), 136 deletions(-) commit d2128c263ea77e4f99bccc6ac46964ad419ec2d1 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-06 dict: Allow removal of current item in a p11_dict iteration * This was already possible to do safely before * Document and test this behavior https://bugs.freedesktop.org/show_bug.cgi?id=61499 common/dict.h | 2 ++ common/tests/test-dict.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) commit 86e60637394340ef2fa3b3db6b451dac1d73052b Author: Stef Walter <stefw@gnome.org> Date: 2013-03-14 trust: Rework input path treatment * Accept a single --with-trust-paths argument to ./configure which cotnains all the input paths. * The --with-system-anchors and --with-system-certificates ./configure arguments are no longer supported. Since they were only present briefly, no provision is made for backwards compatibility. * Each input file is treated as containing anchors by default unless an input certificate contains detailed trust information. * The files in each input directory are not automatically treated as anchors unless a certificate contains detailed trust information. * The files in anchors/ subdirectory of each input directory are automatically marked as anchors. * The files in the blacklist/ subdirectory of each input directory are automatically marked as blacklisted. * Update tests and move around test certificates so we can test these changes. https://bugs.freedesktop.org/show_bug.cgi?id=62327 build/certs/Makefile.am | 13 ++- build/certs/self-signed-with-ku.der | Bin 501 -> 478 bytes configure.ac | 74 ++++--------- doc/manual/p11-kit-trust.xml | 61 +++++----- p11-kit/p11-kit-1.pc.in | 3 - trust/module.c | 21 ++-- trust/parser.c | 47 +++++++- trust/tests/certificates/self-signed-with-ku.der | Bin 501 -> 0 bytes .../self-signed-with-eku.der | Bin trust/tests/frob-token.c | 2 +- trust/tests/{ => input}/anchors/cacert3.der | Bin trust/tests/{ => input}/anchors/testing-ca.der | Bin .../{files => input/blacklist}/self-server.der | Bin trust/tests/{certificates => input}/cacert-ca.der | Bin trust/tests/input/distrusted.pem | 23 ++++ trust/tests/test-module.c | 8 +- trust/tests/test-session.c | 2 +- trust/tests/test-token.c | 123 ++++++++++++++++++++- trust/token.c | 78 ++++++++----- trust/token.h | 3 +- 20 files changed, 318 insertions(+), 140 deletions(-) commit bf63f009cd4a1147a3e0684d898f140f46666b0e Author: Stef Walter <stefw@gnome.org> Date: 2013-03-15 pem: Fix a bug decoding some PEM files When bringing over the BSD base64 code, there was a regression. In addition add some tests for the base64 stuff. common/base64.c | 19 ++-- common/tests/Makefile.am | 1 + common/tests/test-base64.c | 212 +++++++++++++++++++++++++++++++++++++++++++ trust/tests/files/thawte.pem | 25 +++++ 4 files changed, 246 insertions(+), 11 deletions(-) commit 08f11e4c8fb173ed1341e6e0cf0cb0403df7e547 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-10 Don't overwrite the build directory when uploading documentation Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3177cbccb237bfef66721eeb773b574f1d8ba076 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-10 Fix up the system anchors/certificates configure arguments Double check various combinations, and make sure we don't fail needlessly when --disable-trust-module. Also check that actual paths are passed into the arguments. configure.ac | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) commit df29c0dcb6cce6a215dee9dc4e17aff59ae67c5b Author: Stef Walter <stefw@gnome.org> Date: 2013-03-11 doc: Move manual into doc/manual subdirectory .gitignore | 34 ++++---- Makefile.am | 2 +- configure.ac | 7 +- doc/Makefile.am | 132 +------------------------------ doc/manual/Makefile.am | 132 +++++++++++++++++++++++++++++++ doc/{ => manual}/annotation-glossary.xml | 0 doc/{ => manual}/docbook-params.xsl | 0 doc/{ => manual}/p11-kit-config.xml | 0 doc/{ => manual}/p11-kit-devel.xml | 0 doc/{ => manual}/p11-kit-docs.sgml | 0 doc/{ => manual}/p11-kit-overrides.txt | 0 doc/{ => manual}/p11-kit-sections.txt | 0 doc/{ => manual}/p11-kit-sharing.xml | 0 doc/{ => manual}/p11-kit-trust.xml | 6 +- doc/{ => manual}/p11-kit.xml | 2 +- doc/{ => manual}/pkcs11.conf.xml | 0 doc/{ => manual}/style.css | 0 doc/{ => manual}/version.xml.in | 0 18 files changed, 159 insertions(+), 156 deletions(-) commit 0a6bf1bfad01aae0b707b9e13e6d14deade9cecf Author: Stef Walter <stefw@gnome.org> Date: 2013-03-12 Release version 0.16.4 NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit 22993290d75bacb33c177be8ee2bc78ea0687ac8 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-11 tools: Display per-command help appropriately * Fixes a regression * In addition allows --help to be specified before the command. If a command is present, command help will be shown https://bugs.freedesktop.org/show_bug.cgi?id=62153 tools/tool.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) commit c80956aef3abaa90fa9ab7c2873a45adbe127dc4 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-11 tools: Initialize local debug code correctly Unless initialized according to the environment all debug output is printed. https://bugs.freedesktop.org/show_bug.cgi?id=62152 tools/tool.c | 3 +++ 1 file changed, 3 insertions(+) commit ee632a4a904f9f16c66a24c97f5724f0c3150b10 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-08 Release version 0.16.3 NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit b5660380769aa5b1c9b51af7e0fd2f18ed463a7e Author: Stef Walter <stefw@gnome.org> Date: 2013-03-08 iter: Don't skip tokens that don't have CKF_TOKEN_INITIALIZED This flag is not required to be set unless C_InitToken has been called. Many modules, like libnssckbi.so, do not set this flag. p11-kit/iter.c | 4 ---- p11-kit/tests/test-iter.c | 33 --------------------------------- 2 files changed, 37 deletions(-) commit ab14d9291df41b27f70ec3158d94f50f68ed80e1 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-08 trust: add a simple frob-nss-token tool to dump distrust Add a simple tool to dump NSS style distrust attributes from a module. trust/tests/Makefile.am | 6 +++ trust/tests/frob-nss-trust.c | 103 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) commit 6ecf586a1e31f2874c7b185f4f2061aa9e83c08a Author: Stef Walter <stefw@gnome.org> Date: 2013-03-08 trust: Use the new NSS PKCS#11 extension codes NSS had subtly changed the values of the distrust CK_TRUST codes so update them to stay in sync. common/attrs.c | 76 +++++++++++++++++++++++------------------------ common/pkcs11x.h | 59 ++++++++++++++++++------------------ trust/adapter.c | 22 +++++++------- trust/tests/test-module.c | 4 +-- trust/tests/test-parser.c | 22 +++++++------- trust/token.c | 6 ++-- 6 files changed, 95 insertions(+), 94 deletions(-) commit 66fbcf7b6aac7fb808d3146335625cc15d4d2959 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-08 Hard code distrust temporarily. This is because we have no way to load this data into the trust module. Working on a real solution. trust/token.c | 150 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 149 insertions(+), 1 deletion(-) commit b96095115a17818d3e6107e10bad0fef757611d7 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-08 tools: Parse global options appropriately, even if after command tools/tool.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) commit 2ce1b21109c90b7dab240806686829e498875d74 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-08 trust: Refactor how we load builtin objects trust/token.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) commit b06b58b275ebccf6d7360083708b2614dd75e1b5 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-08 Don't shove messages into debug output if they're already displayed common/library.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 347ac14998835ee18e5958a8b7c9aa1afec8eaa2 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-08 Release 0.16.2 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit ba9cb5cab824fa4180355def6bc2e464b4e24ab0 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-08 extract: Use bool instead of int where appropriate tools/extract-info.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) commit d7aee0a1ab76fb1299db5cf398088ebec1fe98be Author: Stef Walter <stefw@gnome.org> Date: 2013-03-08 tools: Add a bit of debugging to the PEM extract handler common/debug.h | 1 + tools/extract-pem.c | 3 +++ 2 files changed, 4 insertions(+) commit 082bc5773abe1c003bf34bbb3bf6a6b5282a212c Author: Stef Walter <stefw@gnome.org> Date: 2013-03-08 extract: Fix regression in --purpose option The --purpose option would only match certificates that had no purposes marked on them. Fix it so that it correctly matches certificates with the given purpose. https://bugs.freedesktop.org/show_bug.cgi?id=62009 tools/extract-info.c | 13 ++++++++++-- tools/tests/test-extract.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+), 2 deletions(-) commit fc383e025f09af70d3eb52fcd7e03c02733b14b0 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-08 Document and put code coverage online * Document our testing practices * Put lcov code coverage output online Makefile.am | 16 ++++++++++++---- doc/p11-kit-devel.xml | 22 ++++++++++++++++++++++ 2 files changed, 34 insertions(+), 4 deletions(-) commit 945585b698b08b6f349e2e104862589b5acce0aa Author: Stef Walter <stefw@gnome.org> Date: 2013-03-08 Properly detect the stdbool.h header https://bugs.freedesktop.org/show_bug.cgi?id=62001 configure.ac | 2 ++ 1 file changed, 2 insertions(+) commit cc6189fc4051be33c6f5c86ab767e614633bf831 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-07 Release version 0.16.1 NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) commit 85eaff1aebb0e6625382fba179164490b6ebb538 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-07 doc: Fix external URLs in documentation doc/p11-kit-devel.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit ae05057c69a6ef9ed49b47db6e9ba2b8acdcfe23 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-07 doc: Add P11_KIT_STRICT=yes debugging tip doc/p11-kit-devel.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 220d7b027871f79f446c7b3c2db9ef43f24c19cc Author: Stef Walter <stefw@gnome.org> Date: 2013-03-07 x509: Don't break when cA field of BasicConstraints is missing The field defaults to FALSE. It sucks that libtasn1 doesn't fill this in for us. https://bugs.freedesktop.org/show_bug.cgi?id=61975 common/x509.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit 3e532011ac100391315ffa13f537ed130cc45b2e Author: Stef Walter <stefw@gnome.org> Date: 2013-03-07 tools: Remove extra debugging statement when running external commands tools/tool.c | 1 - 1 file changed, 1 deletion(-) commit be5d505fe840836561488bba3d11d8584ca9cb97 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-07 extract-trust: Turn into a placeholder script that does nothing If the 'p11-kit extract-trust' command is to be used by distributions, make them customize it appropriately. tools/p11-kit-extract-trust.in | 36 +++++++++++++++--------------------- 1 file changed, 15 insertions(+), 21 deletions(-) commit 0644bfd4c09c710fec1ed424779919fea7c06fca Author: Stef Walter <stefw@gnome.org> Date: 2013-03-07 doc: Don't wrap the options in the pkcs11.conf manual page doc/pkcs11.conf.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 7b3da7d5bdaa97488668a16fcf1ea04b3d9de64e Author: Stef Walter <stefw@gnome.org> Date: 2013-03-04 Release version 0.16.0 NEWS | 8 ++++++++ configure.ac | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) commit 3f13da890649b8cb88e8e2e39872831c13567a1e Author: Stef Walter <stefw@redhat.com> Date: 2013-03-04 Build with the libtasn1 CFLAGS properly Tweaks by: Roman Bogorodskiy <bogorodskiy@gmail.com> https://bugs.freedesktop.org/show_bug.cgi?id=61739 common/Makefile.am | 3 +++ common/tests/Makefile.am | 4 ++++ tools/Makefile.am | 4 +++- tools/tests/Makefile.am | 4 +++- trust/Makefile.am | 1 + 5 files changed, 14 insertions(+), 2 deletions(-) commit 14b3b3d158bdd874f5bbd626f948d20e78b38f01 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-04 Redo mock.h header in order to relicense Rewrite the mock.h header to relicense it. It is based on the BSD licensed mock.c file, so this isn't a big issue. common/mock.h | 1353 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 686 insertions(+), 667 deletions(-) commit a90cb3cc21fc479434165c8c531e1e49a6de6dd4 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-04 Remove duplicate typedef https://bugs.freedesktop.org/show_bug.cgi?id=60894 p11-kit/iter.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3ccec864bfc57ebdd524a0c9603aca829c64e3dc Author: Roman Bogorodskiy <bogorodskiy@gmail.com> Date: 2013-03-03 Fix missing bracket in trust module check This fixes building --without-libtasn1 https://bugs.freedesktop.org/show_bug.cgi?id=61740 configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 205ed0e0e26010150950e9e963a9a36693b5f71e Author: Stef Walter <stefw@gnome.org> Date: 2013-03-03 Initialize modules correctly in tests This fixes hangs when running tests on windows tools/tests/test-extract.c | 2 ++ tools/tests/test-openssl.c | 2 ++ tools/tests/test-pem.c | 2 ++ tools/tests/test-save.c | 2 ++ tools/tests/test-x509.c | 2 ++ trust/tests/test-module.c | 2 +- trust/tests/test-parser.c | 1 + trust/tests/test-session.c | 1 + trust/tests/test-token.c | 1 + 9 files changed, 14 insertions(+), 1 deletion(-) commit 6c55425a7de23a71d0abc3137f0015e878188bae Author: Stef Walter <stefw@gnome.org> Date: 2013-03-03 Windows doesn't support symlinks, chmod, or atomic renames * Don't create symlinks on windows * No atomic renames, so delete and then rename * Make sure to close files before unlinking on windows * No chmod permissions on windows tools/extract-openssl.c | 14 +++++++++++++- tools/save.c | 44 ++++++++++++++++++++++++++++++++++++++++++-- tools/save.h | 4 ++++ tools/tests/test-openssl.c | 7 ++++++- tools/tests/test-save.c | 26 ++++++++++++++++++++++++-- tools/tests/test.c | 4 ++++ tools/tests/test.h | 8 ++++++++ 7 files changed, 101 insertions(+), 6 deletions(-) commit 3acf285916968a05ea42b3ef0f9654a33e308da7 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-03 Use mingw compatible coverage flags The way that coverage is built and linked is different with mingw so just use the --coverage flag to represent the correct behavior when cross compiling. configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5868e4aba23b211d8dd35af5061939ee72fe9c41 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-03 Don't use wchar_t for storing unicode characters On Win32 wchar_t is only 2 bytes, which breaks our UTF-8 conversion functions. common/utf8.c | 71 ++++++++++++++++++++++++++++++----------------------------- 1 file changed, 36 insertions(+), 35 deletions(-) commit bee435e09111f43dcc406160e9c9bdd8645fc86c Author: Stef Walter <stefw@gnome.org> Date: 2013-03-03 Fix syntax errors in OS_WIN32 ifdefs common/compat.h | 4 ++-- common/library.c | 6 +++--- p11-kit/conf.c | 2 +- p11-kit/util.c | 4 ++-- trust/module.c | 6 ++++-- trust/tests/test-module.c | 2 ++ 6 files changed, 14 insertions(+), 10 deletions(-) commit 61e0cb5dddb89ddab1d68791eb28d892c114622f Author: Stef Walter <stefw@gnome.org> Date: 2013-03-03 Open files in binary mode on windows So that the Windows' C library doesn't munge line endings common/compat.h | 4 ++++ p11-kit/conf.c | 2 +- p11-kit/pin.c | 2 +- tools/tests/test.c | 11 +++++------ 4 files changed, 11 insertions(+), 8 deletions(-) commit d9076a99c59bb0132b25277a2340f428c9b6c98e Author: Stef Walter <stefw@gnome.org> Date: 2013-03-03 Add compat gmtime_r() and timegm() functions Not available on Win32 or ancient unixes common/compat.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ common/compat.h | 15 +++++++++++++++ configure.ac | 6 ++++++ 3 files changed, 76 insertions(+) commit 2737be8914270275d07ccf4526a4ba8b781c195e Author: Stef Walter <stefw@gnome.org> Date: 2013-03-03 Add compat mkstemp() and mkdtemp() functions Not available on Win32 or ancient unixes common/compat.c | 144 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ common/compat.h | 12 +++++ 2 files changed, 156 insertions(+) commit 193f0043a546e0ef186addb2a0487d09e690d5b1 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-03 Add compat vasprintf() and asprintf() functions These are not available on Win32 and ancient unixes common/compat.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ common/compat.h | 17 +++++++++++++++ configure.ac | 1 + 3 files changed, 84 insertions(+) commit 66ee55e5947682d10eed7a36b9da72a8cf6a40f2 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-03 Add compat strndup() function Not available on Win32 and ancient unixes common/compat.c | 22 ++++++++++++++++++++++ common/compat.h | 7 +++++++ configure.ac | 1 + 3 files changed, 30 insertions(+) commit ae76545a0094114ef29dba52df97e69ab28b3dbc Author: Stef Walter <stefw@gnome.org> Date: 2013-03-03 Abstract mmap() into a compat API The Win32 for mmap() is very different from Unix, so abstract this into our own p11_mmap_xxx() functions. common/compat.c | 158 +++++++++++++++++++++++++++++++++++++---------- common/compat.h | 16 +++++ common/tests/frob-cert.c | 35 ++++------- tools/tests/test.c | 2 + trust/parser.c | 28 +++------ 5 files changed, 160 insertions(+), 79 deletions(-) commit 38acf11889c1e1da2610c8e05f1f380f2a2a1ae6 Author: Stef Walter <stefw@gnome.org> Date: 2013-03-03 Use putenv() instead of setenv() Since older operating systems don't support setenv() common/tests/test-asn1.c | 2 +- common/tests/test-attrs.c | 2 +- common/tests/test-buffer.c | 2 +- common/tests/test-oid.c | 2 +- common/tests/test-x509.c | 2 +- p11-kit/tests/conf-test.c | 2 +- p11-kit/tests/pin-test.c | 2 +- p11-kit/tests/progname-test.c | 2 +- p11-kit/tests/test-init.c | 2 +- p11-kit/tests/test-iter.c | 2 +- p11-kit/tests/test-modules.c | 2 +- p11-kit/tests/uri-test.c | 2 +- trust/tests/test-module.c | 2 +- trust/tests/test-parser.c | 2 +- trust/tests/test-session.c | 2 +- trust/tests/test-token.c | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) commit 7823c9ddcb18b5155b3cc0e9d9f57ad0333d5eba Author: Stef Walter <stefw@gnome.org> Date: 2013-03-03 Add compat implementation of basename() For Win32 and older unixes common/compat.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ common/compat.h | 6 ++++++ configure.ac | 5 +++-- 3 files changed, 71 insertions(+), 2 deletions(-) commit 02d7da2ba2247d017f248dd48e4365bd0a219bff Author: Stef Walter <stefw@gnome.org> Date: 2013-02-24 tools: Update comments for cacerts jks format tools/extract-jks.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit b06bee023df6f4f2b004030e86e8ee90579681f5 Author: Stef Walter <stefw@gnome.org> Date: 2013-02-20 Rename p11_module_xxx() compat functions to p11_dl_xxx() For clarity. In addition, make p11_dl_close() able to be used as a destroyer callback. Also make p11_dl_error() return an allocated string common/compat.c | 18 +++++++++--------- common/compat.h | 20 ++++++++++---------- p11-kit/modules.c | 15 ++++++++++----- 3 files changed, 29 insertions(+), 24 deletions(-) commit 6521cccc021530f59f2f5e60a9cbf0c5b458360d Author: Stef Walter <stefw@gnome.org> Date: 2013-02-15 Update the pkcs11.h header for missing mechanisms common/attrs.c | 2 +- common/pkcs11.h | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) commit 95ec58961a480c15fe780bbce6d6cd974f478407 Author: Stef Walter <stefw@gnome.org> Date: 2013-02-06 Only do shared object and DLL initialization in libraries Don't do library initialization on shared object load when not running in a library. We'll want to plug into this and do different things per library in the future. common/library.c | 60 +++++++++++--------------------------------------------- common/library.h | 2 ++ p11-kit/util.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++ trust/module.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 122 insertions(+), 49 deletions(-) commit c6ebe7eb68e07e4f22c7b7ede14a1e4f04e893b7 Author: Stef Walter <stefw@gnome.org> Date: 2013-02-15 Move pkcs11.conf and module documentation to a manual page .gitignore | 1 + doc/Makefile.am | 19 ++++- doc/p11-kit-config.xml | 166 +++------------------------------------ doc/p11-kit-docs.sgml | 3 +- doc/p11-kit.xml | 5 +- doc/pkcs11.conf.xml | 207 +++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 239 insertions(+), 162 deletions(-) commit 726e98ed071601770c2724f358eabbbc682f1fdc Author: Stef Walter <stefw@gnome.org> Date: 2013-02-13 Pull translations from transifex * Build a script to help with this https://bugs.freedesktop.org/show_bug.cgi?id=60792 .gitignore | 1 + Makefile.am | 3 + build/tx-update | 68 +++++++++++ po/LINGUAS | 34 ++++++ po/bg.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/cs.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/de.po | 24 ++-- po/el.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/en_GB.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/eo.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/es.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/eu.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/fa.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/fi.po | 20 ++-- po/fr.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/gl.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/hr.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/hu.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ia.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/id.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/it.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ja.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ka.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ko.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/lv.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/nl.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/pa.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/pl.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/pt_BR.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/ru.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/sk.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/sl.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/sq.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/sr.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/te.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/tr.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/uk.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/zh_CN.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/zh_HK.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/zh_TW.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 40 files changed, 11845 insertions(+), 21 deletions(-) commit 380f457ce458e32f1ccc15acfa664df82629981f Author: Stef Walter <stefw@gnome.org> Date: 2013-02-12 Relicense the buffer code appropriate for inclusion in p11-kit * All original lines in this file upon arrival in the p11-kit project were written by me, and copyright held by me. common/buffer.c | 57 ++++++++++++++++++++++++++++++++++----------------------- common/buffer.h | 57 ++++++++++++++++++++++++++++++++++----------------------- 2 files changed, 68 insertions(+), 46 deletions(-) commit 65e68c88d85d8b6896afe9f9e101aefb618ce6be Author: Stef Walter <stefw@gnome.org> Date: 2013-02-12 Release version 0.15.2 * This is an unstable release NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit efef089a772f4f05caefebf2a6466b4225dc9b00 Author: Timo Jyrinki <timo.jyrinki@iki.fi> Date: 2013-02-12 Add finish translation po/LINGUAS | 1 + po/fi.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 344 insertions(+) commit 41b3f707906a4f6273f7fdb1174be3343bbf1ea7 Author: Andreas Metzler <ametzler@downhill.at.eu.org> Date: 2011-09-24 Add and enable German gettext translation Enable installation of gettext translations and add German translation by Chris Leick. .gitignore | 3 + configure.ac | 3 + po/LINGUAS | 4 + po/de.po | 351 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 361 insertions(+) commit b90410f7c6ef5e1bb73837d7ddbda855a91ac79f Author: Andreas Metzler <ametzler@downhill.at.eu.org> Date: 2013-02-12 Respect destdir when creating package module config directory p11-kit/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 04781672277a537551c369ae71ecdc8410e31dc3 Author: Stef Walter <stefw@gnome.org> Date: 2013-02-11 Fix dereference of varargs in p11_attrs_build() https://bugs.freedesktop.org/show_bug.cgi?id=60473 common/attrs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 077fd91bed34bb6226e0a43a26f9e546372db54a Author: Stef Walter <stefw@gnome.org> Date: 2013-02-11 Remove unnecessary code to be more compatible with various libtasn1 versions https://bugs.freedesktop.org/show_bug.cgi?id=60434 common/asn1.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 828df42b98fa0ffc1695db8af9bd0bd03f2583bc Author: Andreas Metzler <ametzler@downhill.at.eu.org> Date: 2013-02-07 Don't require explictly disabling trust module if --without-libtasn1 And provide more intelligent error messages about why to build with libtasn1 Tweaked by Stef Walter configure.ac | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) commit 2e8ce8c5ecb6d1f1c8f0af244d9f9b75dc6050ea Author: Stef Walter <stefw@gnome.org> Date: 2013-02-06 Fix various clang analyzer warnings * Add annotations to our precondition functions so that they don't make the analyzer complain common/compat.h | 13 +++++++++++++ common/debug.h | 3 ++- p11-kit/conf.c | 2 +- p11-kit/pin.c | 3 ++- p11-kit/uri.c | 1 - tools/extract-openssl.c | 9 +++++++-- tools/extract.c | 3 +++ tools/tool.c | 3 +-- 8 files changed, 29 insertions(+), 8 deletions(-) commit 0c6517104d1306228c31e596b0df6a4fb5af4dd1 Author: Stef Walter <stefw@gnome.org> Date: 2013-02-05 Our minimum version of libtasn1 is 2.14 configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e7fe6fd2cdde5e15a14abca39303c5049174f4f9 Author: Stef Walter <stefw@gnome.org> Date: 2013-02-05 Release version 0.15.1 * This is an unstable release NEWS | 14 ++++++++++++++ configure.ac | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) commit f3a3e1e6a413dc93d0a1eb330a32404d803f5307 Author: Stef Walter <stefw@gnome.org> Date: 2013-02-03 Add a placeholder external 'extract-trust' command .gitignore | 1 + configure.ac | 1 + doc/p11-kit-devel.xml | 23 +++++++++++++++++++++++ doc/p11-kit.xml | 19 +++++++++++++++++++ tools/Makefile.am | 4 ++++ tools/p11-kit-extract-trust.in | 27 +++++++++++++++++++++++++++ 6 files changed, 75 insertions(+) commit 08f1a7f3cfe87bc19ecd564711b4d2beaa603924 Author: Stef Walter <stefw@gnome.org> Date: 2013-02-01 Implement support for java JKS keystore format * All aliases must be lower case in order to work with the default keystore implementation. doc/p11-kit.xml | 4 + tools/Makefile.am | 2 +- tools/extract-jks.c | 331 ++++++++++++++++++++++++++++++++++++++++++++++++++++ tools/extract.c | 4 +- 4 files changed, 339 insertions(+), 2 deletions(-) commit 32ca4f6d3167d08fc985d66fe48f453954596f87 Author: Stef Walter <stefw@gnome.org> Date: 2013-02-03 Use the CN, OU or O of certificates to generate a label * This is in cases where the certificate information does not already have a friendly name or alias. common/Makefile.am | 1 + common/oid.h | 18 +++++ common/tests/Makefile.am | 1 + {tools => common}/tests/test-utf8.c | 0 common/tests/test-x509.c | 81 +++++++++++++++++++++ {tools => common}/utf8.c | 0 {tools => common}/utf8.h | 0 common/x509.c | 136 ++++++++++++++++++++++++++++++++++++ common/x509.h | 16 +++++ tools/extract-openssl.c | 70 ++++--------------- tools/tests/Makefile.am | 7 -- tools/tests/test-openssl.c | 16 +++-- trust/parser.c | 51 ++++++++------ trust/tests/test-parser.c | 22 +++--- 14 files changed, 318 insertions(+), 101 deletions(-) commit 39e9f190416ecb4260a3b079e1d79fc2e55f5a33 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-30 Add support for exporting OpenSSL's TRUSTED CERTIFICATE format build/certs/Makefile.am | 9 + doc/p11-kit.xml | 8 + tools/Makefile.am | 2 + tools/extract-openssl.c | 686 +++++++++++++++++++++ tools/extract.c | 4 + tools/tests/Makefile.am | 15 + tools/tests/files/cacert3-distrust-all.pem | 44 ++ tools/tests/files/cacert3-distrusted-all.pem | 43 ++ tools/tests/files/cacert3-not-trusted.pem | 42 ++ tools/tests/files/cacert3-trusted-alias.pem | 42 ++ .../files/cacert3-trusted-client-server-alias.pem | 43 ++ tools/tests/files/cacert3-trusted-keyid.pem | 42 ++ tools/tests/files/cacert3-trusted-multiple.pem | 85 +++ tools/tests/test-openssl.c | 671 ++++++++++++++++++++ tools/tests/test-utf8.c | 252 ++++++++ tools/tests/test.h | 9 + tools/utf8.c | 328 ++++++++++ tools/utf8.h | 53 ++ 18 files changed, 2378 insertions(+) commit dbcf3c049f4aadc1d25eb952b4feabdec14cf35d Author: Stef Walter <stefw@gnome.org> Date: 2013-01-30 Add support for extracting to pem-bundle and pem-directory formats build/certs/Makefile.am | 2 + doc/p11-kit.xml | 8 ++ tools/Makefile.am | 1 + tools/extract-pem.c | 125 +++++++++++++++++ tools/extract.c | 2 + tools/tests/Makefile.am | 8 ++ tools/tests/files/cacert3-twice.pem | 84 +++++++++++ tools/tests/files/cacert3.pem | 42 ++++++ tools/tests/test-pem.c | 269 ++++++++++++++++++++++++++++++++++++ 9 files changed, 541 insertions(+) commit 5df24bf0fb8532e0ebdf5f2366834848fdf6097d Author: Stef Walter <stefw@gnome.org> Date: 2013-01-23 Implement code for writing PEM * Based on the gcr code * Bring in base64 output code from BSD * Make sure to output base64 lines of 64 character length since this is what OpenSSL expects common/base64.c | 62 ++++++++++++++++++++++++++ common/base64.h | 6 +++ common/pem.c | 54 ++++++++++++++++++++++- common/pem.h | 5 +++ common/tests/test-pem.c | 114 ++++++++++++++++++++++++++++++++++++++++++++++-- 5 files changed, 237 insertions(+), 4 deletions(-) commit 722efb88cf12261d705e2a6dfb4aceab9ff7b76f Author: Stef Walter <stefw@gnome.org> Date: 2013-01-30 Implement basic extract support * The only formats supported are x509-file and x509-directory Allow tool to build without extract configure.ac | 1 + doc/Makefile.am | 1 - doc/p11-kit.xml | 95 ++++++++++ doc/style.css | 4 + tools/Makefile.am | 20 +- tools/extract-info.c | 359 +++++++++++++++++++++++++++++++++++ tools/extract-x509.c | 116 ++++++++++++ tools/extract.c | 461 +++++++++++++++++++++++++++++++++++++++++++++ tools/extract.h | 110 +++++++++++ tools/tests/Makefile.am | 15 ++ tools/tests/test-extract.c | 301 +++++++++++++++++++++++++++++ tools/tests/test-x509.c | 276 +++++++++++++++++++++++++++ tools/tests/test.h | 33 ++++ tools/tool.c | 3 + tools/tool.h | 3 + 15 files changed, 1796 insertions(+), 2 deletions(-) commit 9a21e6ddf9eb7bb0f13f01cddba9dedd7a6e43b3 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-23 Support for sane writing to files extracted * Implement atomic writes of files * Writing with checks that not overwriting anything unless desired * Writing and overwriting of directory contents in a robust way build/certs/Makefile.am | 2 + configure.ac | 1 + tools/Makefile.am | 3 + tools/save.c | 462 +++++++++++++++++++++++++++++++++++++++ tools/save.h | 79 +++++++ tools/tests/Makefile.am | 52 +++++ tools/tests/files/cacert3.der | Bin 0 -> 1885 bytes tools/tests/test-save.c | 494 ++++++++++++++++++++++++++++++++++++++++++ tools/tests/test.c | 200 +++++++++++++++++ tools/tests/test.h | 211 ++++++++++++++++++ 10 files changed, 1504 insertions(+) commit 3e70ecbab850bcc08ee89e1256d82cca70d80ee7 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-21 Add public iterator API to p11-kit common/mock.c | 113 +++- common/mock.h | 37 ++ doc/Makefile.am | 1 + doc/annotation-glossary.xml | 67 +++ doc/p11-kit-docs.sgml | 3 + doc/p11-kit-sections.txt | 17 + p11-kit/Makefile.am | 2 + p11-kit/iter.c | 829 +++++++++++++++++++++++++++++ p11-kit/iter.h | 101 ++++ p11-kit/p11-kit.h | 2 + p11-kit/tests/Makefile.am | 4 +- p11-kit/tests/mock-module-ep.c | 2 +- p11-kit/tests/test-iter.c | 1140 ++++++++++++++++++++++++++++++++++++++++ 13 files changed, 2308 insertions(+), 10 deletions(-) commit e5816187231ce27e5f634995e62c1d3ae5c5b2f1 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-21 Allow internal use of token and module info matching p11-kit/private.h | 6 ++++++ p11-kit/uri.c | 55 +++++++++++++++++++++++++++++++++++-------------------- 2 files changed, 41 insertions(+), 20 deletions(-) commit 67ce28e9d9ec1528c9b762b0912d6a7e339fbcd5 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-21 Move the X.509 extension parsing code in common/ * So it can be used by other code, in addition to the trust stuff common/tests/test-x509.c | 191 +++++++++++++++++++++++++++++++++++++++++++++-- common/x509.c | 67 ++++++++++++++++- common/x509.h | 9 ++- trust/adapter.c | 132 ++++++++++++++++++-------------- trust/parser.c | 69 ++--------------- 5 files changed, 335 insertions(+), 133 deletions(-) commit 5e4a3ea9b8f254d99544490eed8e17e88c81f975 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-18 Add p11_array_clear() function * Clears an array without freeing the array itself common/array.c | 21 ++++++++++++++------- common/array.h | 2 ++ common/tests/test-array.c | 27 +++++++++++++++++++++++++++ 3 files changed, 43 insertions(+), 7 deletions(-) commit 4400d8ecc4525cfc848937dc562c542fc58a533a Author: Stef Walter <stefw@gnome.org> Date: 2013-01-04 Implement trust assertion PKCS#11 objects * Implement trust assertions for anchored and distrusted certs * Pinned certificate trust assertions are not implemented yet * Add an internal tool for pulling apart bits of certificates common/oid.h | 1 - common/tests/Makefile.am | 1 + common/tests/test-oid.c | 18 +- doc/p11-kit-trust.xml | 11 + trust/Makefile.am | 2 +- trust/adapter.c | 456 ++++++++++++++++++++++++++++++++++++++++ trust/{mozilla.h => adapter.h} | 8 +- trust/p11-kit-trust.module | 3 + trust/parser.c | 5 +- trust/tests/files/redhat-ca.der | Bin 0 -> 948 bytes trust/tests/test-parser.c | 352 ++++++++++++++++++++++++++++--- 11 files changed, 804 insertions(+), 53 deletions(-) commit 7e61265ced3f33685b68bb6e2c7505485cfe0177 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-04 Refactor how parsing of ASN.1 data and certificate extensions work common/Makefile.am | 2 + common/asn1.c | 551 ++++++++++++++++++++++++++++++++++++++++++++++ common/asn1.h | 65 ++++++ common/oid.h | 12 +- common/tests/Makefile.am | 2 + common/tests/test-asn1.c | 113 ++++++++++ common/tests/test-x509.c | 185 ++++++++++++++++ common/x509.c | 152 +++++++++++++ common/x509.h | 56 +++++ trust/mozilla.c | 31 ++- trust/parser.c | 546 +++------------------------------------------ trust/parser.h | 14 +- trust/tests/test-data.h | 28 +-- trust/tests/test-parser.c | 103 --------- 14 files changed, 1193 insertions(+), 667 deletions(-) commit 8b02ff64b30311a4730b60dd72590435f56fb3a2 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-03 Fill in certificate authority and trust data correctly * Fill in CKA_CERTIFICATE_CATEGORY properly for authorities based on the presence of BasicConstraints and/or v1 certificates * Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the parser is running for anchors or blacklist * In addition support the concept of blacklisted certificates mixed in with the anchors (without any purposes) since that's what exists in the real world. * We do this after the various hooks have had a chance to mess with the certificate extensions and such. common/oid.h | 9 +- trust/mozilla.c | 74 +++++----- trust/parser.c | 351 ++++++++++++++++++++++++++++++++++++---------- trust/parser.h | 11 +- trust/tests/test-data.c | 18 ++- trust/tests/test-data.h | 9 ++ trust/tests/test-parser.c | 246 ++++++++++++++++++++++++-------- trust/tests/test-token.c | 2 +- 8 files changed, 552 insertions(+), 168 deletions(-) commit 18bb2582c32f4373f7ed85894fb490f2733cb03b Author: Stef Walter <stefw@gnome.org> Date: 2013-01-02 Implement stapled certificate extensions internally * Use stapled certificate extensions to represent loaded trust policy * Build NSS trust objects from stapled certificate extensions * Add further attribute debugging for NSS trust objects * Use a custom certificate extension for the OpenSSL reject purpose data * Use SubjectKeyIdentifier for OpenSSL keyid data * Use ExtendedKeyUsage for OpenSSL trust purpose data * Implement simple way to handle binary DER OIDs, using the DER TLV length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere. * Split out the building of NSS trust objects from the main parser common/Makefile.am | 1 + common/compat.c | 2 +- common/compat.h | 2 +- common/oid.c | 100 +++++ common/oid.h | 209 +++++++++ common/tests/Makefile.am | 2 + common/tests/frob-ku.c | 28 +- common/tests/frob-oid.c | 100 +++++ common/tests/test-oid.c | 133 ++++++ trust/Makefile.am | 1 + trust/mozilla.c | 284 ++++++++++++ trust/mozilla.h | 44 ++ trust/parser.c | 724 +++++++++++++++++------------- trust/parser.h | 39 +- trust/tests/files/self-signed-with-ku.der | Bin 0 -> 478 bytes trust/tests/test-data.c | 9 +- trust/tests/test-parser.c | 159 +++++-- 17 files changed, 1450 insertions(+), 387 deletions(-) commit 3b482acc47ba971406db526ebddf589ad1a8f16e Author: Stef Walter <stefw@gnome.org> Date: 2013-01-02 Better debugging and checks for attribute values trust/tests/test-data.c | 154 ++++++++++++++++++++++++---------------------- trust/tests/test-data.h | 32 +++++++++- trust/tests/test-module.c | 13 ++-- trust/tests/test-parser.c | 11 ++-- 4 files changed, 124 insertions(+), 86 deletions(-) commit e46c74aef6eee7da3cdfb17077905811b9e04a61 Author: Stef Walter <stefw@gnome.org> Date: 2012-12-19 Add tool for testing how fast the token loads trust/tests/Makefile.am | 1 + trust/tests/frob-token.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) commit 83af40091fdc50a1da21d6cd2582ecef759bfb7c Author: Stef Walter <stefw@gnome.org> Date: 2012-12-17 Some debug info about which files are being loaded trust/token.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) commit 1f47fbffe1befb30a1bd3dfcec079a8a9f2fd957 Author: Stef Walter <stefw@gnome.org> Date: 2012-12-17 Test a TRUSTED CERTIFICATE without any trust OIDs build/certs/Makefile.am | 2 ++ build/certs/redhat-newca.der | Bin 0 -> 948 bytes trust/tests/files/distrusted.pem | 23 +++++++++++++++++++++++ trust/tests/test-parser.c | 15 +++++++++++++++ 4 files changed, 40 insertions(+) commit 75654253498993ff1638e0e64440c335b54df1db Author: Stef Walter <stefw@gnome.org> Date: 2012-12-17 Add the builtin roots NSS specific object This tells NSS that this is a source of anchors. doc/p11-kit-trust.xml | 5 ++++- trust/tests/test-module.c | 27 +++++++++++++++++++++++++++ trust/tests/test-token.c | 6 +++--- trust/token.c | 28 +++++++++++++++++++++++++++- 4 files changed, 61 insertions(+), 5 deletions(-) commit c2dcd0b3cb1ccac4eff98044d43d3f8696094644 Author: Stef Walter <stefw@gnome.org> Date: 2012-12-17 Add support for openssl TRUSTED CERTIFICATE PEM files build/certs/Makefile.am | 3 + common/Makefile.am | 2 + common/openssl.asn | 28 ++++ common/openssl.asn.h | 28 ++++ doc/p11-kit-trust.xml | 8 ++ trust/parser.c | 244 ++++++++++++++++++++++++++++------ trust/tests/files/cacert3-trusted.pem | 43 ++++++ trust/tests/test-parser.c | 52 ++++++++ 8 files changed, 368 insertions(+), 40 deletions(-) commit a286df75050db8b306685cb22e491d11be842584 Author: Stef Walter <stefw@gnome.org> Date: 2012-12-17 Add support for parsing PEM files build/certs/Makefile.am | 1 + common/Makefile.am | 2 + common/base64.c | 192 +++++++++++++++++++++++++++++++ common/base64.h | 53 +++++++++ common/pem.c | 241 +++++++++++++++++++++++++++++++++++++++ common/pem.h | 50 +++++++++ common/tests/Makefile.am | 14 ++- common/tests/test-pem.c | 254 ++++++++++++++++++++++++++++++++++++++++++ trust/Makefile.am | 3 +- trust/parser.c | 38 +++++++ trust/tests/files/cacert3.pem | 42 +++++++ trust/tests/test-parser.c | 26 +++++ 12 files changed, 910 insertions(+), 6 deletions(-) commit 5147d71466455b3d087b3f3a7472a35e8216c55a Author: Stef Walter <stefw@gnome.org> Date: 2013-01-24 Add basic trust module This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects. Makefile.am | 7 + build/Makefile.am | 2 + build/certs/Makefile.am | 27 + build/certs/cacert-ca.der | Bin 0 -> 1857 bytes build/certs/cacert3.der | Bin 0 -> 1885 bytes build/certs/self-server.der | Bin 0 -> 396 bytes build/certs/self-signed-with-eku.der | Bin 0 -> 480 bytes build/certs/self-signed-with-ku.der | Bin 0 -> 501 bytes build/certs/testing-ca.der | Bin 0 -> 970 bytes build/certs/testing-server.der | Bin 0 -> 554 bytes build/certs/with-eku.conf | 19 + build/certs/with-ku.conf | 19 + common/Makefile.am | 15 +- common/compat.c | 107 ++ common/compat.h | 17 +- common/debug.c | 1 + common/debug.h | 11 + common/pkix.asn | 566 ++++++++ common/pkix.asn.h | 408 ++++++ common/tests/Makefile.am | 20 +- common/tests/frob-cert.c | 147 ++ common/tests/frob-eku.c | 101 ++ common/tests/frob-ku.c | 134 ++ configure.ac | 128 +- doc/Makefile.am | 2 + doc/p11-kit-config.xml | 10 + doc/p11-kit-devel.xml | 24 + doc/p11-kit-docs.sgml | 1 + doc/p11-kit-trust.xml | 90 ++ doc/style.css | 6 +- p11-kit/Makefile.am | 1 + p11-kit/conf.c | 37 - p11-kit/p11-kit-1.pc.in | 3 + trust/Makefile.am | 52 + trust/module.c | 1517 +++++++++++++++++++++ trust/module.h | 42 + trust/p11-kit-trust.module | 6 + trust/parser.c | 1103 +++++++++++++++ trust/parser.h | 108 ++ trust/session.c | 206 +++ trust/session.h | 78 ++ trust/tests/Makefile.am | 44 + trust/tests/anchors/cacert3.der | Bin 0 -> 1885 bytes trust/tests/anchors/testing-ca.der | Bin 0 -> 970 bytes trust/tests/certificates/cacert-ca.der | Bin 0 -> 1857 bytes trust/tests/certificates/self-signed-with-eku.der | Bin 0 -> 480 bytes trust/tests/certificates/self-signed-with-ku.der | Bin 0 -> 501 bytes trust/tests/files/cacert-ca.der | Bin 0 -> 1857 bytes trust/tests/files/cacert3.der | Bin 0 -> 1885 bytes trust/tests/files/self-server.der | Bin 0 -> 396 bytes trust/tests/files/testing-server.der | Bin 0 -> 554 bytes trust/tests/files/unrecognized-file.txt | 1 + trust/tests/test-data.c | 128 ++ trust/tests/test-data.h | 220 +++ trust/tests/test-module.c | 331 +++++ trust/tests/test-parser.c | 315 +++++ trust/tests/test-session.c | 160 +++ trust/tests/test-token.c | 106 ++ trust/token.c | 256 ++++ trust/token.h | 51 + 60 files changed, 6580 insertions(+), 47 deletions(-) commit 603c7d4eb996f51178ccc9d235597497bbb2c7a4 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-24 Add basic checksum algorithms The SHA-1 and MD5 digests here are used for checksums in legacy protocols. We don't use them in cryptographic contexts at all. These particular algorithms would be poor choices for that. .gitignore | 4 +- common/Makefile.am | 9 + common/checksum.c | 542 +++++++++++++++++++++++++++++++++++++++++++ common/checksum.h | 60 +++++ common/tests/Makefile.am | 2 + common/tests/test-checksum.c | 151 ++++++++++++ 6 files changed, 766 insertions(+), 2 deletions(-) commit f6db686846480e0611879c5f4751955a53859808 Author: Stef Walter <stefw@gnome.org> Date: 2013-02-05 Remove the unused err() function and friends We want to use p11_message in our commands anyway, since that allows us control with --verbose and --quiet. common/compat.c | 164 -------------------------------------------------------- common/compat.h | 23 -------- 2 files changed, 187 deletions(-) commit 1ac3edf711b1cdb5e7fb8b1d6321fa855e07c1da Author: Stef Walter <stefw@gnome.org> Date: 2013-02-05 Tweak style of the manual * Unindent the main headings * Don't wrap options * Better spacing in table of contents * Don't have line numbers on code examples doc/Makefile.am | 5 ++++- doc/p11-kit-devel.xml | 4 ---- doc/p11-kit.xml | 2 -- doc/style.css | 23 +++++++++++++++++++++++ 4 files changed, 27 insertions(+), 7 deletions(-) commit 866e3204cee593817850f5e5c23a0bcf7af9c591 Author: Stef Walter <stefw@gnome.org> Date: 2013-02-05 Add documentation about contributing to p11-kit HACKING | 34 ++------ doc/Makefile.am | 2 +- doc/p11-kit-config.xml | 4 +- doc/p11-kit-devel.xml | 223 +++++++++++++++++++++++++++++++++++++++++++++++++ doc/p11-kit-docs.sgml | 13 +-- doc/p11-kit-notes.xml | 48 ----------- 6 files changed, 241 insertions(+), 83 deletions(-) commit 28777eeebf38c13a43d0118a86391d2a487ad15b Author: Stef Walter <stefw@gnome.org> Date: 2013-02-05 Add a p11-kit tool manual page .gitignore | 1 + configure.ac | 4 ++ doc/Makefile.am | 33 +++++++++++++- doc/p11-kit-docs.sgml | 5 +++ doc/p11-kit.xml | 122 ++++++++++++++++++++++++++++++++++++-------------- 5 files changed, 130 insertions(+), 35 deletions(-) commit 23b18cb345afe061274ff73cd66fe8e6672fbcd4 Author: Stef Walter <stefw@gnome.org> Date: 2013-02-05 Change the documentation configure arg to --enable-doc * We're building more than just the gtk-doc reference Makefile.am | 2 +- configure.ac | 41 +++++++++++++++++++++++------------------ 2 files changed, 24 insertions(+), 19 deletions(-) commit 85751aa21dd9b93d8eb51e36767b5564ce6ce005 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-29 Add a /usr/share/p11-kit/modules directory for package module configs * Try to make /etc/pkcs11/modules for administrator use * Override the old pkg-config variables to help packages start using the new location configure.ac | 3 +++ doc/p11-kit-notes.xml | 4 ++-- p11-kit/Makefile.am | 4 ++++ p11-kit/conf.c | 8 ++++++-- p11-kit/conf.h | 3 ++- p11-kit/modules.c | 4 +++- p11-kit/p11-kit-1.pc.in | 13 +++++++------ p11-kit/tests/conf-test.c | 4 ++++ .../files/{system-modules => package-modules}/four.module | 0 .../{system-modules => package-modules}/win32/four.module | 0 10 files changed, 31 insertions(+), 12 deletions(-) commit a9790a21302f47016a88ba9a2c904bed11efb388 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-29 Make the p11-kit tool have distinct commands * Change the -l argument into the list-modules command. * Add proper functions for printing usage * Support for external commands in the path or /usr/share/p11-kit tools/Makefile.am | 9 +- tools/{p11-kit.c => list.c} | 99 +++++++------ tools/tool.c | 337 ++++++++++++++++++++++++++++++++++++++++++++ tools/tool.h | 56 ++++++++ 4 files changed, 459 insertions(+), 42 deletions(-) commit 15163fb9b7b03543da02d74d75d0f49c314f1c33 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-29 Add p11_kit_be_loud() function for use in tests and tools This does the opposite of p11_kit_be_quiet(). doc/p11-kit-sections.txt | 1 + p11-kit/p11-kit.h | 2 ++ p11-kit/util.c | 14 ++++++++++++++ 3 files changed, 17 insertions(+) commit cba41e5a46893b16cfbd845d55285894f4a43408 Author: Stef Walter <stefw@gnome.org> Date: 2012-08-23 Add internal function for turning on messages To be used from tests common/library.c | 8 ++++++++ common/library.h | 2 ++ 2 files changed, 10 insertions(+) commit 43a3f5df8124bb85567feb18975d19fa1b639b9f Author: Stef Walter <stefw@gnome.org> Date: 2013-01-24 Add more mock-module implementation * Move mock code into the common/ directory to be used by multiple components of p11-kit common/Makefile.am | 5 + common/mock.c | 3117 ++++++++++++++++++++++++++++++++++++++++ common/mock.h | 696 +++++++++ doc/Makefile.am | 3 + p11-kit/tests/Makefile.am | 14 +- p11-kit/tests/mock-module-ep.c | 4 +- p11-kit/tests/mock-module.c | 898 ------------ p11-kit/tests/mock-module.h | 337 ----- p11-kit/tests/test-init.c | 4 +- 9 files changed, 3835 insertions(+), 1243 deletions(-) commit 7ddff6795830deff6ec5fb1b8b0c704fbdea2c97 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-24 Further tweaks and cleanup for functions dealing with PKCS#11 attributes * Check that the size is correct when looking for a boolean or a ulong. * Make sure that the length is not the invalid negative ulong. * Functions for dumping out attribute contents * Make it possible to use attributes in hash tables common/attrs.c | 795 +++++++++++++++++++++++++++++++++++++++++++--- common/attrs.h | 59 +++- common/tests/test-attrs.c | 126 +++++++- 3 files changed, 910 insertions(+), 70 deletions(-) commit 322b4739cb51aa45568d9479224f2b07ac82a35f Author: Stef Walter <stefw@gnome.org> Date: 2013-01-24 Add generic buffer code Represents a block of memory that can be added to, parsed and so on common/Makefile.am | 1 + common/buffer.c | 180 ++++++++++++++++++++++++++++++++++++++ common/buffer.h | 82 +++++++++++++++++ common/tests/Makefile.am | 1 + common/tests/test-buffer.c | 214 +++++++++++++++++++++++++++++++++++++++++++++ p11-kit/uri.c | 93 ++++++++------------ 6 files changed, 515 insertions(+), 56 deletions(-) commit b28c936bd281c4b7ff9ed0f621b840f6d5a4b328 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-23 Use the stdbool.h C99 bool type It was getting really wild knowing whether a function returning an int would return -1 on failure or 0 or whether the int return value was actually a number etc.. common/array.c | 16 +++--- common/array.h | 4 +- common/attrs.c | 12 ++--- common/compat.h | 8 +++ common/debug.c | 8 +-- common/debug.h | 14 +++--- common/dict.c | 41 +++++++-------- common/dict.h | 26 +++++----- common/library.c | 4 +- common/tests/test-dict.c | 90 +++++++++++++++++---------------- configure.ac | 2 +- p11-kit/conf.c | 58 +++++++++++----------- p11-kit/conf.h | 6 +-- p11-kit/modules.c | 32 ++++++------ p11-kit/pin.c | 22 ++++----- p11-kit/tests/conf-test.c | 19 +++++-- p11-kit/tests/mock-module.c | 14 +++--- p11-kit/tests/uri-test.c | 41 +++++++++++++-- p11-kit/uri.c | 118 ++++++++++++++++++++++++++------------------ tools/p11-kit.c | 10 ++-- 20 files changed, 311 insertions(+), 234 deletions(-) commit 4671352fe2a4f56c6707322dcab0015e2e8600c4 Author: Stef Walter <stefw@gnome.org> Date: 2012-12-17 Only initialize p11-kit libraries once * Make the gcc constructor call p11_library_init_once() common/library.c | 14 ++++++++++---- common/library.h | 6 ++++-- 2 files changed, 14 insertions(+), 6 deletions(-) commit b39c9a7792824dfa8a05926261315356d9007098 Author: Stef Walter <stefw@gnome.org> Date: 2012-12-10 Set strict debug preconditions during testing common/tests/test-attrs.c | 4 ++++ p11-kit/tests/conf-test.c | 1 + p11-kit/tests/pin-test.c | 1 + p11-kit/tests/progname-test.c | 1 + p11-kit/tests/test-init.c | 1 + p11-kit/tests/test-modules.c | 1 + p11-kit/tests/uri-test.c | 1 + 7 files changed, 10 insertions(+) commit 3ebc9a78d4bca0b630a8b887ab93d6cc654f2cb2 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-07 Add common functions for manipulating CK_ATTRIBUTE arrays common/Makefile.am | 1 + common/attrs.c | 310 +++++++++++++++++++++++++++ common/attrs.h | 86 ++++++++ common/tests/Makefile.am | 1 + common/tests/test-attrs.c | 518 ++++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 2 +- p11-kit/tests/uri-test.c | 6 +- p11-kit/uri.c | 207 +++++------------- 8 files changed, 977 insertions(+), 154 deletions(-) commit 4a0bd25fcafae57ef2ae0cfe8676eee2332d5951 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-02 Move the pkcs11.h header files into common directory * Allows use of them across the whole project * Put a stub file in the p11-kit/ directory, so we can still refer to the headers using that path, which is what it will be at when in the installed includes directory. common/Makefile.am | 7 + common/pkcs11.h | 1373 +++++++++++++++++++++++++++++++++++++++++++++++++ common/pkcs11x.h | 155 ++++++ p11-kit/Makefile.am | 3 +- p11-kit/pkcs11.h | 1413 ++------------------------------------------------- 5 files changed, 1577 insertions(+), 1374 deletions(-) commit 8fb222266c5bf9181cd934c27528507d45476dad Author: Stef Walter <stefw@gnome.org> Date: 2013-01-08 Build common code into noinst libraries * This is cleaner than building the same source files all over the place over and over. * Works better with code coverage. common/Makefile.am | 12 ++++++++++-- common/tests/Makefile.am | 14 +++++--------- p11-kit/Makefile.am | 34 ++++++++-------------------------- p11-kit/tests/Makefile.am | 8 ++++++-- tools/Makefile.am | 12 ++++++++---- 5 files changed, 37 insertions(+), 43 deletions(-) commit 3d503948450d69293a3fdfec096e398fedf714f2 Author: Stef Walter <stefw@gnome.org> Date: 2012-12-06 Move debug and library code into the common/ subdirectory Start using p11_ as our internal prefix rather than _p11_. We explicitly export p11_kit_ so this is fine as far as visibility. Move the threading, mutex, and module compat, dict, and array code into the common directory too. Take this opportunity to clean up a bit of internal API as well, since so many lines are being touched internally. .gitignore | 32 ++- Makefile.am | 13 +- build/Makefile.am | 11 + build/Makefile.tests | 8 + {tests => build}/cutest/CuTest.c | 0 {tests => build}/cutest/CuTest.h | 0 {tests => build}/cutest/README.txt | 0 {tests => build}/cutest/license.txt | 0 {m4 => build/m4}/.empty | 0 common/Makefile.am | 11 + p11-kit/ptr-array.c => common/array.c | 89 ++---- p11-kit/ptr-array.h => common/array.h | 35 ++- common/compat.c | 95 ++++++ common/compat.h | 123 ++++++++ {p11-kit => common}/debug.c | 20 +- {p11-kit => common}/debug.h | 74 ++--- p11-kit/hashmap.c => common/dict.c | 244 ++++++++-------- p11-kit/hashmap.h => common/dict.h | 101 +++---- common/library.c | 286 ++++++++++++++++++ common/library.h | 80 ++++++ common/tests/Makefile.am | 32 +++ common/tests/test-array.c | 194 +++++++++++++ tests/hash-test.c => common/tests/test-dict.c | 158 +++++----- configure.ac | 7 +- doc/Makefile.am | 11 +- p11-kit/Makefile.am | 54 ++-- p11-kit/conf.c | 116 ++++---- p11-kit/conf.h | 14 +- p11-kit/modules.c | 318 +++++++++++---------- p11-kit/pin.c | 78 ++--- p11-kit/private.h | 41 --- p11-kit/proxy.c | 86 +++--- {tests => p11-kit/tests}/Makefile.am | 25 +- {tests => p11-kit/tests}/conf-test.c | 201 ++++++------- .../tests}/files/system-modules/four.module | 0 .../tests}/files/system-modules/one.module | 0 .../files/system-modules/two-duplicate.module | 0 .../tests}/files/system-modules/two.badname | 0 .../tests}/files/system-modules/win32/four.module | 0 .../tests}/files/system-modules/win32/one.module | 0 .../system-modules/win32/two-duplicate.module | 0 .../tests}/files/system-modules/win32/two.badname | 0 {tests => p11-kit/tests}/files/system-pkcs11.conf | 0 {tests => p11-kit/tests}/files/test-1.conf | 0 {tests => p11-kit/tests}/files/test-pinfile | 0 {tests => p11-kit/tests}/files/test-pinfile-large | 0 .../tests}/files/test-system-invalid.conf | 0 .../tests}/files/test-system-merge.conf | 0 .../tests}/files/test-system-none.conf | 0 .../tests}/files/test-system-only.conf | 0 .../tests}/files/test-user-invalid.conf | 0 {tests => p11-kit/tests}/files/test-user-only.conf | 0 {tests => p11-kit/tests}/files/test-user.conf | 0 .../tests}/files/user-modules/one.module | 0 .../tests}/files/user-modules/three.module | 0 .../tests}/files/user-modules/win32/one.module | 0 .../tests}/files/user-modules/win32/three.module | 0 {tests => p11-kit/tests}/mock-module-ep.c | 0 {tests => p11-kit/tests}/mock-module.c | 16 +- {tests => p11-kit/tests}/mock-module.h | 0 {tests => p11-kit/tests}/pin-test.c | 4 +- {tests => p11-kit/tests}/print-messages.c | 0 {tests => p11-kit/tests}/progname-test.c | 21 +- {tests => p11-kit/tests}/test-init.c | 31 +- {tests => p11-kit/tests}/test-modules.c | 25 +- {tests => p11-kit/tests}/uri-test.c | 4 +- p11-kit/uri.c | 6 +- p11-kit/util.c | 318 ++------------------- p11-kit/util.h | 158 ---------- tests/ptr-array-test.c | 257 ----------------- 70 files changed, 1746 insertions(+), 1651 deletions(-) commit c343f355b6abfe65adc696b57b18dc57c834acbc Author: Pankaj Sharma <pankaj.cscience@gmail.com> Date: 2012-12-24 Fix leak when initializing the proxy module https://bugs.freedesktop.org/show_bug.cgi?id=58704 p11-kit/proxy.c | 2 ++ 1 file changed, 2 insertions(+) commit 8b4c3561d9681096d588d599d049a77bea68470b Author: Stef Walter <stefw@gnome.org> Date: 2013-01-09 Documentation fixes for PIN functions p11-kit/pin.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit e8aa2fa8f3a085ca514e7b305ff91e2c77e5e6f4 Author: Pankaj Sharma <pankaj.cscience@gmail.com> Date: 2012-12-24 Fix file descriptor leak in p11_kit_pin_file_callback() * Close the file descriptor used to read the the pin file https://bugs.freedesktop.org/show_bug.cgi?id=58706 p11-kit/pin.c | 2 ++ 1 file changed, 2 insertions(+) commit 488a466935d7995c803880ed258792f8a99095c0 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-08 Distribute HACKING in the tarball Makefile.am | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 6ac5af8deece74c383c912f2003b9650c87317b8 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-07 Fix documentation warnings. * P11_KIT_URI_NO_MEMORY is an unexpected state, that will probably never actually be returned. But kept for API compatibility. * make distcheck doc fix doc/Makefile.am | 2 +- doc/p11-kit-sections.txt | 3 ++- p11-kit/uri.c | 9 ++++++--- 3 files changed, 9 insertions(+), 5 deletions(-) commit e2b5bba185c96bf4ecddfe22d34ace02706122b4 Author: Stef Walter <stefw@gnome.org> Date: 2013-01-07 Guarantee that the key is freed when replaced * When setting a key in a map that already exists, then free the old key and replace with the new one. * Fix related bug where key was not properly allocated * Add tests for this https://bugs.freedesktop.org/show_bug.cgi?id=59087 p11-kit/hashmap.c | 7 ++- p11-kit/modules.c | 6 ++- tests/hash-test.c | 124 +++++++++++++++++++++++++++++++++++++++--------------- 3 files changed, 102 insertions(+), 35 deletions(-) commit 1559a3e43637406c8b56e880ba00c96bdd16462c Author: Stef Walter <stefw@gnome.org> Date: 2012-11-14 Don't complain if we cannot access ~/.pkcs11/pkcs11.conf * If a process is running under selinux it may not be able to access the home directory of the uid that it is running as. https://bugs.freedesktop.org/show_bug.cgi?id=57115 p11-kit/conf.c | 42 +++++++++++++++++++++++++++++++++--------- p11-kit/conf.h | 1 + 2 files changed, 34 insertions(+), 9 deletions(-) commit b5de8e1d514794f6ec3e8d79a766a9dae9eab6ea Author: Stef Walter <stefw@gnome.org> Date: 2012-09-18 Refuse to load the p11-kit-proxy.so as a registered module * Since p11-kit-proxy.so is a symlink to the libp11-kit.so library we check that we are not calling into our known CK_FUNCTION_LIST for the proxy code. * Although such a configuration is invalid, detecting this directly prevents strange initialization loop issues that are hard to debug. https://bugs.freedesktop.org/show_bug.cgi?id=55052 p11-kit/modules.c | 14 ++++++++++---- p11-kit/private.h | 1 + p11-kit/proxy.c | 7 ++----- 3 files changed, 13 insertions(+), 9 deletions(-) commit 3e82c6182d913a3fd5cf904342a9a6fa44aef0d6 Author: Stef Walter <stefw@gnome.org> Date: 2012-09-18 Don't fail initialization if last initialized module fails * We weren't resetting the result code after a failure, so even though failures for critical modules didn't interrupt the initialization loop, the result still leaked to callers. * Also print an error message clearly indicating that a module failed to initialize, regardless of whether critical or not. https://bugs.freedesktop.org/show_bug.cgi?id=55051 p11-kit/modules.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 37889e5f7ca5e2e45442f98dc84efb70d2acf907 Author: Stef Walter <stefw@gnome.org> Date: 2012-09-06 Release version 0.14 NEWS | 8 ++++++++ configure.ac | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) commit bb6949da2fd071d879a13f8e24389fef697b451a Author: Stef Walter <stefw@gnome.org> Date: 2012-09-06 Change the default of 'user-config' to merge. * This allows user configured PKCS#11 modules by default. * Admins can change this to 'none' in /etc/pkcs11/pkcs11.conf to go back to the previous behavior. * Posted to the mailing list. doc/p11-kit-config.xml | 4 ++-- p11-kit/conf.c | 2 +- p11-kit/pkcs11.conf.example.in | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) commit 56860b7f72c444eed5923e11d735b85b630a171d Author: Antoine Jacoutot <ajacoutot@openbsd.org> Date: 2012-08-23 configure.ac: Fix bogus comma, and fix up spacing * Fixes a mistake in the previous commit https://bugs.freedesktop.org/show_bug.cgi?id=53706 configure.ac | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 359bb15bc83484e4de69fa8dbc9113d97817d01e Author: Antoine Jacoutot <ajacoutot@openbsd.org> Date: 2012-08-21 Use AC_LANG_PROGRAM to detect program_invocation_short_name functionality Were erroneusly detecting program_invocation_short_name on OpenBSD https://bugs.freedesktop.org/show_bug.cgi?id=53706 configure.ac | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 61abcb61e8b8e988dd03cfd4553f29132a8ca38a Author: Rob McMahon <Rob.McMahon@warwick.ac.uk> Date: 2012-07-31 Fix build on solaris * Conditional inclusion of the errno.h header * Link librt when appropriate for nanosleep https://bugs.freedesktop.org/show_bug.cgi?id=52261 common/compat.h | 4 ++++ configure.ac | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) commit 76180db6b326f8c87aef5b3eded9463432ce8d82 Author: Dan Winship <danw@gnome.org> Date: 2012-07-27 Always encode the "id" attribute in URIs Per recommendation of the spec. https://bugs.freedesktop.org/show_bug.cgi?id=52606 p11-kit/uri.c | 24 ++++++++++++++---------- tests/uri-test.c | 2 +- 2 files changed, 15 insertions(+), 11 deletions(-) commit c6fc7b3ac4c6d4595f17989cff220d6d6dafe620 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-17 Initialize mutexes correctly in mock module https://bugzilla.gnome.org/show_bug.cgi?id=44740 tests/mock-module-ep.c | 1 + tests/mock-module.c | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) commit 1f428d62a13e481aa51d1fcee0c4652dc9ef7a72 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-17 Fix warning on windows https://bugzilla.gnome.org/show_bug.cgi?id=44740 tests/conf-test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 542cb48951b7c4c21ca3669d07bf936b0fa58b42 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-17 Don't rely on loading order for duplicate modules * We had relied on module 'two' loading before 'two-duplicate' in the conf tests. However this isn't always the case, and the name of the module can end up as 'two-duplicate' https://bugzilla.gnome.org/show_bug.cgi?id=44740 tests/Makefile.am | 7 ++++++- tests/files/system-modules/four.module | 3 +++ tests/files/system-modules/two.badname | 2 -- tests/files/system-modules/win32/four.module | 3 +++ tests/test-modules.c | 6 +++--- 5 files changed, 15 insertions(+), 6 deletions(-) commit 06595e93ff57e97adbb313aebc50a2e32acd6039 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-17 Use Windows thread ids instead of handles for comparisons * It seems that the HANDLE's returned from GetCurrentThread are often equal for two threads. GetCurrentThreadID doesn't have this problem. * Separate our cross platform thread_t and thread_id_t types even though on unix they're the same thing. https://bugzilla.gnome.org/show_bug.cgi?id=44740 p11-kit/modules.c | 6 +++--- p11-kit/util.h | 11 ++++++++--- 2 files changed, 11 insertions(+), 6 deletions(-) commit 356377709cd1de1308d9d8cf15f528578a360cf3 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-17 Use correct shared library extension on windows * The windows shared libraries have the .dll extension * This means we also need separate directories for the test module configs on win32 https://bugzilla.gnome.org/show_bug.cgi?id=44740 configure.ac | 4 ++++ p11-kit/Makefile.am | 14 ++++++++++++++ tests/files/system-modules/win32/one.module | 3 +++ tests/files/system-modules/win32/two-duplicate.module | 3 +++ tests/files/system-modules/win32/two.badname | 5 +++++ tests/files/user-modules/win32/one.module | 2 ++ tests/files/user-modules/win32/three.module | 5 +++++ tests/test-init.c | 2 +- 8 files changed, 37 insertions(+), 1 deletion(-) commit f10d361a5b523ce7f9289ba8d45ccd847510d619 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-16 Use '.module' extension on module configs * And want alphanumeric/_.- filenames * Currently this is just a warning, soon it will be enforced * The name of a module does not include the extension Andreas Metzler and Ubuntu both worked on this patch, and I've made some more changes. See https://bugs.launchpad.net/ubuntu/+source/p11-kit/+bug/911436 https://bugs.freedesktop.org/show_bug.cgi?id=52158 doc/p11-kit-config.xml | 7 ++- p11-kit/conf.c | 56 ++++++++++++++++++++-- tests/conf-test.c | 23 ++++++--- tests/files/system-modules/{one => one.module} | 0 tests/files/system-modules/two | 5 -- .../{two-duplicate => two-duplicate.module} | 0 tests/files/system-modules/two.badname | 7 +++ tests/files/user-modules/{one => one.module} | 0 tests/files/user-modules/{three => three.module} | 0 tests/test-modules.c | 4 +- 10 files changed, 82 insertions(+), 20 deletions(-) commit c0251b132cad98318be0565f676b9fa92dd1b8b4 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-24 Fix compiler warning about uninitialized variable p11-kit/modules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 45c4936ba0d5e3de7813c47811b277bed1c71576 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-24 Don't use strict aliasing during compilation * Due to the way in which we pass pointers of different types to _p11_hash_iter_next() configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 5cd198107374ff1879767679d29df0ce78f9427f Author: Stef Walter <stefw@gnome.org> Date: 2012-07-17 Fix getprogname() running under wine * Wine uses normal slashes instead of backslashes on windows common/compat.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit d51914b6483b7ddc806ee3861084aa98ee97a7fb Author: Stef Walter <stefw@gnome.org> Date: 2012-07-17 Use EFBIG as the error code when pin file is too large * The previous EOVERFLOW was not supported on mingw p11-kit/pin.c | 2 +- tests/pin-test.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 4a6a685c03bd92566c1656f1af3662ca7deecefa Author: Stef Walter <stefw@gnome.org> Date: 2012-07-16 Don't define duplicate symbols * clang was giving a build failure here. tests/mock-module.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 023efacf30a7ae4ee5a76f909f973fa5058bb7b9 Author: Stef Walter <stefw@gnome.org> Date: 2012-07-16 Release version 0.13 NEWS | 14 ++++++++++++++ configure.ac | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) commit 413ca6be40a4f9351f12030c791544edd5a52e16 Author: Stef Walter <stefw@gnome.org> Date: 2012-06-29 Don't allow reading of pin files larger than 4096 bytes * p11_kit_pin_file_callback() only returns pins up to 4096 bytes now p11-kit/pin.c | 19 +++++++++------ tests/files/test-pinfile-large | 53 ++++++++++++++++++++++++++++++++++++++++++ tests/pin-test.c | 26 +++++++++++++++++++++ 3 files changed, 91 insertions(+), 7 deletions(-) commit da2606bfbbdbd36d5e42bf2acf614735dfc515d2 Author: Stef Walter <stefw@gnome.org> Date: 2012-06-29 Win32 build fixes * Remove unused functions * Use getprogname() instead of calc_progname() which no longer exists * Fix up exporting of functions in the mock module common/compat.c | 11 +++++++---- configure.ac | 2 ++ p11-kit/util.c | 26 -------------------------- tests/mock-module-ep.c | 1 + 4 files changed, 10 insertions(+), 30 deletions(-) commit 89602ce99feb7e8c5a37634c3f577532f82eddbd Author: Stef Walter <stefw@gnome.org> Date: 2012-06-27 tools: Don't barf when p11-kit -h tools/p11-kit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 483db3ee5d0c0e92dd8ecd8bf0cbefaa6254b6eb Author: Stef Walter <stefw@gnome.org> Date: 2012-06-27 If a module is not marked 'critical' then ignore failure * Ignore failure when initializing registered modules when 'critical' is not set on a module. p11-kit/modules.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) commit 59774b11eb478cc714a6c5da937e89c6089fd833 Author: Stef Walter <stefw@gnome.org> Date: 2012-06-08 Fix the flags in pin.h * Due to a brain fart the P11_KIT_PIN_* flags were not bit flags but decimal numbers. * This necessarily breaks API/ABI for users of the P11_KIT_PIN_FLAGS_RETRY, P11_KIT_PIN_FLAGS_MANY_TRIES and P11_KIT_PIN_FLAGS_FINAL_TRY flags. But those wouldn't have worked anyway. p11-kit/pin.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit caa953cba4d2d0cdd4823eb2f1c4f24bbf18a231 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-13 Preconditions to check for input probs and out of memory * We don't try to guarantee completely robust and problem free behavior in cases where the caller or process isn't behaving. We consider these to be outside of our control. HACKING | 31 ++++++++++++ p11-kit/conf.c | 76 +++++++++--------------------- p11-kit/debug.c | 19 ++++++++ p11-kit/debug.h | 30 ++++++++++++ p11-kit/modules.c | 85 +++++++++++++++++---------------- p11-kit/pin.c | 138 ++++++++++++++++++++++++++---------------------------- p11-kit/proxy.c | 27 ++++------- p11-kit/uri.c | 112 ++++++++++++++++++++------------------------ p11-kit/uri.h | 4 +- p11-kit/util.c | 9 ---- p11-kit/util.h | 2 - tests/Makefile.am | 3 +- tests/test-init.c | 68 ++++++++++++++++++++++++++- tests/uri-test.c | 12 ++++- 14 files changed, 352 insertions(+), 264 deletions(-) commit 7bd4114182fcc86cd2515708fdf4d76622e0237d Author: Stef Walter <stefw@gnome.org> Date: 2012-05-13 Use gcc extensions to check varargs during compile * Add macros GNUC_PRINTF and GNUC_NULL_TERMINATED to check correct printf and NULL terminated style varargs common/compat.h | 24 ++++++++++++++++++------ p11-kit/conf.c | 11 ++++++++--- p11-kit/debug.h | 4 +++- p11-kit/modules.c | 7 +++++-- p11-kit/private.h | 4 +++- tests/Makefile.am | 1 + 6 files changed, 38 insertions(+), 13 deletions(-) commit 14b0be4353e5c4464cb9f61e419a2f8caf8757d0 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-01 Fix test modules linking errors * And display warning messages in the debug output p11-kit/Makefile.am | 2 ++ p11-kit/util.c | 1 + 2 files changed, 3 insertions(+) commit fed549ee2049a318081cfce3fde01ae625263d98 Author: Stef Walter <stefw@gnome.org> Date: 2012-05-01 Provide compat getprogname() implementations on other OS's * And use them in our replacement err() and p11_kit_set_progname() common/compat.c | 87 +++++++++++++++++++++++++++++++++++++++-------------- common/compat.h | 10 ++++-- p11-kit/Makefile.am | 7 ++++- p11-kit/util.c | 38 ++--------------------- tools/Makefile.am | 1 + tools/p11-kit.c | 2 +- 6 files changed, 81 insertions(+), 64 deletions(-) commit a3bcb9037ddf6657f79f0aae42aa83dd2b8f6b14 Author: Stef Walter <stefw@gnome.org> Date: 2012-04-30 Move the compat.[ch] headers into common directory/ * And the compat stuff in the p11-kit directory merged into util.c and util.h {tools => common}/compat.c | 0 {tools => common}/compat.h | 0 p11-kit/Makefile.am | 3 +- p11-kit/compat.c | 114 ---------------------------------- p11-kit/compat.h | 149 --------------------------------------------- p11-kit/conf.c | 2 +- p11-kit/debug.c | 1 - p11-kit/private.h | 2 +- p11-kit/util.c | 66 ++++++++++++++++++++ p11-kit/util.h | 111 +++++++++++++++++++++++++++++++++ tests/mock-module.c | 2 +- tests/test-init.c | 2 +- tools/Makefile.am | 3 +- tools/p11-kit.c | 4 +- 14 files changed, 186 insertions(+), 273 deletions(-) commit eeb40dccb63682367e03f52750355bf5951edff7 Author: Stef Walter <stefw@gnome.org> Date: 2012-04-16 Doc tweaks for PIN functionality p11-kit/pin.c | 47 ++++++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 19 deletions(-) commit 85f9d306832964f6d6412392f335e1fa3f3efd8b Author: Stef Walter <stefw@gnome.org> Date: 2012-04-02 Add tests for enable-in and disable-in p11-kit/Makefile.am | 8 +-- p11-kit/modules.c | 4 +- tests/Makefile.am | 4 +- tests/conf-test.c | 16 ++--- tests/files/system-modules/two | 4 +- tests/files/system-pkcs11.conf | 3 + tests/files/user-modules/three | 4 +- tests/test-modules.c | 156 ++++++++++++++++++++++++++++++++++++++--- 8 files changed, 171 insertions(+), 28 deletions(-) commit d4c5661a695b5fc4a0126a4583e30ef70aea54ac Author: Stef Walter <stefw@gnome.org> Date: 2012-04-02 Build some test modules for testing main p11-kit functionality * And put together a test for duplicate modules p11-kit/Makefile.am | 29 ++++++-- tests/Makefile.am | 32 +++++++-- tests/conf-test.c | 16 ++--- tests/files/system-modules/one | 2 +- tests/files/system-modules/two | 2 +- tests/files/system-modules/two-duplicate | 3 + tests/files/user-modules/three | 2 +- tests/mock-module-ep.c | 50 ++++++++++++++ tests/test-modules.c | 111 +++++++++++++++++++++++++++++++ 9 files changed, 225 insertions(+), 22 deletions(-) commit c43038d82edcfd878ff66e3aa7fe247f53876f9b Author: Stef Walter <stefw@gnome.org> Date: 2012-02-27 Add more p11-kit cleanup to fix valgrind leak reports * per-thread memory isn't actually a real memory leak, but was still reachable after exit, so clean this up. p11-kit/util.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit ff9926b8dcead91e7fc6d08d0ca1d2d8cc982308 Author: Stef Walter <stefw@gnome.org> Date: 2012-04-01 Fix crasher when a duplicate module is present p11-kit/modules.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit a899d9be0cab72dcfe00f100527c52ea598fed70 Author: Stef Walter <stefw@gnome.org> Date: 2012-04-01 Add enable-in and disable-in options to module config * These can be used to load certain modules in certain programs, or prevent loading in others. * Useful for a key manager like seahorse, so we can load extra modules (think NSS) that other modules shouldn't load. .gitignore | 2 + configure.ac | 12 ++++- doc/p11-kit-config.xml | 27 +++++++++++ doc/p11-kit-sections.txt | 1 + p11-kit/modules.c | 75 ++++++++++++++++++++++++++++++- p11-kit/p11-kit.h | 2 + p11-kit/private.h | 4 ++ p11-kit/util.c | 115 ++++++++++++++++++++++++++++++++++++++++++++++- tests/Makefile.am | 2 + tests/progname-test.c | 110 +++++++++++++++++++++++++++++++++++++++++++++ 10 files changed, 346 insertions(+), 4 deletions(-) commit af8d28014f97ab0d9e4d00961e72aefd7adb470b Author: Stef Walter <stefw@gnome.org> Date: 2012-03-27 Fix broken hashmap behavior * We were relying on undefined gcc behavior related to the & operator. * This would show up as a test failure when running with -O2 on certain GCC versions, as well as failure on clang 3.1 p11-kit/hashmap.c | 12 +++++------- tests/hash-test.c | 2 -- 2 files changed, 5 insertions(+), 9 deletions(-) commit f40f63c2b608a399df431df366bf681e6b2bb20e Author: Stef Walter <stefw@gnome.org> Date: 2012-03-19 Remove p11-kit.pot file from git * Generated automatically .gitignore | 1 + po/p11-kit.pot | 343 --------------------------------------------------------- 2 files changed, 1 insertion(+), 343 deletions(-) commit bbd0c4dcde10197df1473ffc5641cafe2173a676 Author: Stef Walter <stefw@gnome.org> Date: 2012-03-09 Release version 0.12 NEWS | 3 +++ configure.ac | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) commit 300c84133390363a543854e5cd0ac3dd9018544e Author: Simon Josefsson <simon@josefsson.org> Date: 2012-03-08 Fix build problem due to pthread extensions usage See: http://ipozgaj.blogspot.com/2006/08/posix-threads-and-manual-pages-rant.htm configure.ac | 1 + 1 file changed, 1 insertion(+) commit 632e268fa86ad8ba55d34044ccc325c20c8fc0c7 Author: Stef Walter <stefw@collabora.co.uk> Date: 2012-02-07 Release 0.11 NEWS | 3 +++ configure.ac | 2 +- po/p11-kit.pot | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) commit 53c34e8ff80500d6ef9366453e88c27a3a52ee46 Author: Stef Walter <stefw@gnome.org> Date: 2012-01-23 Remove automatic reinitialization of PKCS#11 after fork * First of all one should only call async-signal-safe functions from the callbacks of pthread_atfork(), and so we cannot reinitialize directly. * Some modules use pthread_atfork() to detect forking and setup their internal state. If we call into them in our pthread_atfork() callback then this is inherently racy. * There was danger of endless loops and deadlocks which are caused by handlers which fork in their C_Initialize * Many processes do fork/exec, reinitializing PKCS#11 for these forks is quite resourc intensive when the child process won't use PKCS#11 at all. p11-kit/modules.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) commit 001d59596a37369d094edcace455f611d9f55908 Author: Stef Walter <stefw@collabora.co.uk> Date: 2012-01-03 Release version 0.10 NEWS | 3 +++ configure.ac | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) commit 049e556d043aa6ecfbf32a70dae6e7e5e8eb69d3 Author: Stef Walter <stefw@collabora.co.uk> Date: 2012-01-02 Fix build warning on mingw64 p11-kit/hashmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 83dcc15d1d97218004137769ff68e2e8119f1d80 Author: Andreas Metzler <ametzler@downhill.at.eu.org> Date: 2011-12-23 Compile CuTest.c separately. Use regular compile and link instead of having #include "CuTest.c" in every test. Works around gcc optimization issue. tests/Makefile.am | 10 +++++++++- tests/conf-test.c | 2 -- tests/hash-test.c | 2 -- tests/pin-test.c | 2 -- tests/ptr-array-test.c | 2 -- tests/test-init.c | 2 -- tests/uri-test.c | 2 -- 7 files changed, 9 insertions(+), 13 deletions(-) commit 2da833b0ca9539c12745d2f9fef1e7be7c7792dc Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-12-20 Reorganize tests, work around optimization bug * Encountered a gcc optimization bug in gcc 4.6.1 which seems to be reordering related function calls eroneously. This bug seems to be fixed in 4.6.2. * Reorganize test code to get around this bug building on mingw, and ubuntu 11.10, both of which use gcc 4.6.1 tests/hash-test.c | 45 ++++++++++++++++++++++----------------------- 1 file changed, 22 insertions(+), 23 deletions(-) commit 9328bb7f0aed047dea47e8674e19865d90d423a5 Author: Andreas Metzler <ametzler@downhill.at.eu.org> Date: 2011-12-09 Run tests correctly in automake * This allows failing tests to stop the build tests/Makefile.am | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 336d8af58ea3d00a20a56937b11236a6bf2679dd Author: Michael Cronenworth <mike@cchtml.com> Date: 2011-11-25 Build fix for MinGW w64 p11-kit/compat.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit e18725f71e0f070a54d763cbba7797031828dd95 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-11-14 Release version 0.9 NEWS | 6 ++++++ configure.ac | 2 +- po/p11-kit.pot | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) commit d3dfc6968e54b919c90967a486d20066b0f5bf57 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-11-02 Reduce autofoo dependencies * automake 1.10 (although can benefit from some 1.11 features) * autoconf 2.61 configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9ccc74f384ee100ec522e012ea543437b1df123c Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-11-01 An intelligent error message when gettextize is not around autogen.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7370d64c18b795a63eda40efcc9e786b821cb7f7 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-10-30 p11-kit can't be used as a static library * It just doesn't make sense. * The initialization refcounting in particular can only work as a shared library. configure.ac | 4 ++++ 1 file changed, 4 insertions(+) commit df0ed92f44fa168c0d02866796f3707687f43214 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-10-29 Fix problems crashing when freeing TLS on windows p11-kit/util.c | 2 ++ 1 file changed, 2 insertions(+) commit 922d53016955c0ff2d6d830d726f0d1ea3a5804b Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-10-29 Add debug output to windows init and uninit of library p11-kit/util.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit c940667c434fe64cf4d01cec0873044c54e7f174 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-10-29 Make build not depend on gtk-doc or pkg-config * If enabled, gtk-doc can be used, but we no longer expect the gtkdoc autoconf/automake macro files to be installed. * pkg-config is no longer used for checks. * We still do install pkg-config files, and this is the preferred way to build against and link to p11-kit. configure.ac | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 51 insertions(+), 2 deletions(-) commit 0792fefb2bc9d5db038b48855f0b1bb138653332 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-10-29 Handle build case when gettextize is not available or not installed autogen.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 969bcab592878322e410f4342a61fccc06b9addd Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-10-27 Fix build with clang * Just removed some unused functions that used GNUC extensions tests/cutest/CuTest.c | 10 ---------- tests/cutest/CuTest.h | 5 ----- 2 files changed, 15 deletions(-) commit 77bab108dd2a7d1c55468cc991c22397fb5f8ba5 Author: Dr. Volker Zell <dr.volker.zell@oracle.com> Date: 2011-10-25 Fix broken build on cygwin and mingw * Add correct linking options for libintl p11-kit/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) commit 69f7eaa0508326f07832b91557f9e1ad8e6864c6 Author: Michael Cronenworth <mike@cchtml.com> Date: 2011-10-25 Fix broken build on windows * The debug_init() call needed a rename to _p11_debug_init() to match the non-Win32 code. p11-kit/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 190aee9cdf44d257333d7ef9e29113a07f1516c9 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-10-24 Release version 0.8 NEWS | 7 +++++++ configure.ac | 2 +- po/p11-kit.pot | 4 ++-- 3 files changed, 10 insertions(+), 3 deletions(-) commit 138c046a5ff1b0e532896b4d640c0cba6ead4027 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-10-24 More fixes for non-static function names * See previous commit * Initialize library before debug statements p11-kit/conf.c | 8 +++---- p11-kit/debug.c | 7 ------- p11-kit/debug.h | 16 +++++++------- p11-kit/modules.c | 62 +++++++++++++++++++++++++++---------------------------- p11-kit/proxy.c | 14 ++++++++----- p11-kit/uri.c | 2 +- 6 files changed, 53 insertions(+), 56 deletions(-) commit 5507dc4946f0a68cece5ec9e7096e0f9b8c55984 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-10-24 Rename non-static functions to have a _p11_xxx prefix. * Work around issues with brain-dead linkers not respecting the libtool -export-symbol-regex argument https://bugs.freedesktop.org/show_bug.cgi?id=42020 p11-kit/compat.c | 8 +-- p11-kit/compat.h | 48 +++++++-------- p11-kit/conf.c | 36 +++++------ p11-kit/debug.c | 17 +++--- p11-kit/debug.h | 12 ++-- p11-kit/hashmap.c | 68 +++++++++++++-------- p11-kit/hashmap.h | 63 +++++++++---------- p11-kit/modules.c | 110 ++++++++++++++++----------------- p11-kit/pin.c | 40 ++++++------ p11-kit/private.h | 4 +- p11-kit/proxy.c | 18 +++--- p11-kit/ptr-array.c | 28 +++++---- p11-kit/ptr-array.h | 14 ++--- p11-kit/uri.c | 2 +- p11-kit/util.c | 12 ++-- p11-kit/util.h | 2 +- tests/conf-test.c | 140 +++++++++++++++++++++--------------------- tests/hash-test.c | 162 ++++++++++++++++++++++++------------------------- tests/mock-module.c | 10 +-- tests/ptr-array-test.c | 122 ++++++++++++++++++------------------- tests/test-init.c | 22 +++---- tests/uri-test.c | 5 +- 22 files changed, 484 insertions(+), 459 deletions(-) commit db92b76e3acb11e330309ebce071ec2e61400a71 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-10-17 Initial port to win32 * Tests do not all yet pass, at least not on wine * Added abstraction of some non-portable functions in compat.h/c * Build with an argument like this for win32 support: ./autogen.sh --host=i586-mingw32msvc * This win32 port needs more work from interested parties .gitignore | 3 + configure.ac | 35 ++++++-- doc/Makefile.am | 2 +- p11-kit/Makefile.am | 1 + p11-kit/compat.c | 114 ++++++++++++++++++++++++++ p11-kit/compat.h | 143 ++++++++++++++++++++++++++++++++ p11-kit/conf.c | 64 ++++++++++----- p11-kit/debug.c | 31 +++---- p11-kit/debug.h | 2 + p11-kit/modules.c | 104 +++++++++++------------- p11-kit/private.h | 40 +++++++-- p11-kit/proxy.c | 7 +- p11-kit/util.c | 188 +++++++++++++++++++++++++++++++++++-------- tests/Makefile.am | 16 ++-- tests/conf-test.c | 2 + tests/mock-module.c | 20 +++-- tests/mock-module.h | 1 + tests/pin-test.c | 3 + tests/test-init.c | 56 +++++++------ tools/Makefile.am | 4 + tools/compat.c | 228 ++++++++++++++++++++++++++++++++++++++++++++++++++++ tools/compat.h | 63 +++++++++++++++ tools/p11-kit.c | 5 +- 23 files changed, 952 insertions(+), 180 deletions(-) commit b1d9fd5f88ade222fbd2206c7e11c5514c8b5634 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-10-10 Fix up the build options. * --enable-debug turns off optimization * --disable-debug turns off debugging output, debug symbols * --enable-strict turns on -Werror configure.ac | 123 ++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 66 insertions(+), 57 deletions(-) commit 73880f950a7dadf712730222ac1b6ea11400746f Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-10-10 Only call C_Initialize and C_Finalize once per module * Do not concurretnly call C_Initialize or C_Finalize in a module * The PKCS#11 spec indicates that mone thread should call those functions. * It's reasonable for a module to expect to only be initialized or finalized in one thread. * In particular NSS does not lock its C_Initialize or C_Finalize. p11-kit/modules.c | 117 ++++++++++++++++++++++++++++------------------------ tests/mock-module.c | 4 +- tests/test-init.c | 105 +++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 168 insertions(+), 58 deletions(-) commit 630ce95d7b9ec3ac3cbe71f75910711369274314 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-10-10 Combine initialization tests tests/Makefile.am | 14 ++---- tests/{test-fork.c => test-init.c} | 34 ++++++++++++- tests/test-recursive.c | 98 -------------------------------------- 3 files changed, 36 insertions(+), 110 deletions(-) commit d5a004ded8a0acdb7aa2100b8e116f19d0d9e402 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-10-10 Don't allow recursive calling of C_Initialize on a given module. p11-kit/modules.c | 9 ++++- tests/Makefile.am | 10 ++++-- tests/test-recursive.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 114 insertions(+), 3 deletions(-) commit 591c1c14f2ebbcbc3f621456e31e2af1d26820b8 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-10-10 Rename p11-kit test .gitignore | 2 ++ tests/Makefile.am | 6 +++--- tests/{p11-test.c => test-fork.c} | 0 3 files changed, 5 insertions(+), 3 deletions(-) commit 85d9078be0456de8014a6f186f3916ddb01792d2 Author: Pino Toscano <pino@debian.org> Date: 2011-09-30 Don't use PATH_MAX unless its defined * Fixes build on GNU/Hurd https://bugs.freedesktop.org/show_bug.cgi?id=41303 p11-kit/modules.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 639aa9e38692ba5001987bb496e10cca14880807 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-09-28 Print more information in 'p11-kit -l' tools/p11-kit.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) commit 67b52ed7d7f298f64be5ead41deeeebab1238d47 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-09-27 Release 0.7 NEWS | 5 +++++ configure.ac | 2 +- po/p11-kit.pot | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) commit d3e245f579d917d1393624b6ecf3ae0c3748bbb3 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-09-27 Don't expand p11-kit config variables in configure. * Expand them later in Makefile and pkg-config file configure.ac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit fcb71c3962314b48e9f8bd7f82673fa4e065607d Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-09-26 Add test tool to print out error messages * Allows checking of translations .gitignore | 1 + tests/Makefile.am | 3 +- tests/print-messages.c | 137 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 140 insertions(+), 1 deletion(-) commit a1cc80045864777db8c77e711f0a8efaad949c3e Author: Andreas Metzler <ametzler@downhill.at.eu.org> Date: 2011-09-26 Fix quoting of build variables https://bugs.freedesktop.org/show_bug.cgi?id=40985 p11-kit/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a081b6652acc9d9a9af22a266f9175f689b8c5d1 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-09-19 Expand the libdir path correctly https://bugs.freedesktop.org/show_bug.cgi?id=40985 configure.ac | 6 ------ p11-kit/Makefile.am | 9 ++++++++- 2 files changed, 8 insertions(+), 7 deletions(-) commit 8054865325fdb2221f3e425d04d9e03f6475553e Author: Roman Bogorodskiy <bogorodskiy@gmail.com> Date: 2011-09-15 Add #include <limits.h> for PATH_MAX to fix compilation on FreeBSD. https://bugs.freedesktop.org/show_bug.cgi?id=40923 p11-kit/modules.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 67dc760cec1653e9571b7c4e2bada3992c2b8361 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-09-14 Release version 0.6 NEWS | 5 +++++ configure.ac | 2 +- po/p11-kit.pot | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) commit 11f3f0effb14be788e320d2f75b0d2d769058966 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-09-14 Add documentation about the configuration paths * Default module path * How to lookup paths using pkg-config doc/p11-kit-config.xml | 37 ++++++++++++++++++++++--------------- doc/p11-kit-docs.sgml | 1 + doc/p11-kit-notes.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ doc/p11-kit.xml | 3 +++ doc/style.css | 2 ++ 5 files changed, 76 insertions(+), 15 deletions(-) commit 927d2e5927ddad1eafe94c0bcadd76cd73d6297a Author: Kalev Lember <kalevlember@gmail.com> Date: 2011-09-14 When a module has a relative path, load it from $libdir/pkcs11 So far we have only supported full paths to the pkcs11 modules in config files. This change adds relative path support, so that for modules installed under the standard $libdir/pkcs11, the config file won't have to spell out the full path. configure.ac | 9 ++++++++ p11-kit/modules.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++--- p11-kit/p11-kit-1.pc.in | 1 + 3 files changed, 68 insertions(+), 3 deletions(-) commit 138c1efa9af4893536fb7c3a90d3cb1ac24cea89 Author: Kalev Lember <kalevlember@gmail.com> Date: 2011-09-14 Rename pkgconfig configuration directory variables Renamed them to reduce ambiguity and to pave the way for exposing some additional parameters. p11_system_modules -> p11_system_config_modules p11_user_modules -> p11_user_config_modules configure --with-pkcs11-dir => configure --with-system-config configure.ac | 50 ++++++++++++++++++++++-------------------- p11-kit/Makefile.am | 2 +- p11-kit/modules.c | 5 +++-- p11-kit/p11-kit-1.pc.in | 10 +++++---- p11-kit/pkcs11.conf.example.in | 2 +- 5 files changed, 37 insertions(+), 32 deletions(-) commit 1cecad87a968ab6441b020fafb95f991b97e84b3 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-08-31 Release version 0.5 NEWS | 5 +++++ configure.ac | 2 +- po/p11-kit.pot | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) commit e06009c33616d07a0687d0adbb5c59ec1c8965af Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-08-30 Don't crash if p11_kit_registered_modules() called after failed init p11-kit/modules.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit fbdb10edfa39ada801af187dd3abaa5c8bf2ae6b Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-08-30 Remove useless typedef p11-kit/conf.h | 2 -- 1 file changed, 2 deletions(-) commit 21b64c68e6a5ffcae50f3561f6dec6ee943a006f Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-08-30 Add 'critical' setting for modules * When a module has critical set to 'yes', and that module fails to init then it aborts the entire init process. * Defaults to 'no' doc/p11-kit-config.xml | 24 ++++++++++++++++++++++-- p11-kit/conf.c | 18 ++++++++++++++++++ p11-kit/conf.h | 3 +++ p11-kit/modules.c | 7 ++++++- 4 files changed, 49 insertions(+), 3 deletions(-) commit 25512ca5a03d723a84d6de67a7036188d08ec21b Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-08-24 Fix bugs in the p11-kit proxy module. * Initialize the mappings properly * Lookup session handles correctly * Debug initialization and finalization p11-kit/debug.c | 1 + p11-kit/debug.h | 3 ++- p11-kit/proxy.c | 42 ++++++++++++++++++++++++++++-------------- 3 files changed, 31 insertions(+), 15 deletions(-) commit 61c925fda7385392b3961f0b44049b9ff7a68093 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-08-19 Release version 0.4 NEWS | 8 ++++++++ configure.ac | 2 +- po/p11-kit.pot | 4 ++-- 3 files changed, 11 insertions(+), 3 deletions(-) commit ae95625311e98caa3cccf82d24a3b612df11b26d Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-08-19 Ignore spaces in PKCS#11 URIs * These should be able to occur anywhere and should be ignored according to RFC 3986. This is documented in the PKCS#11 URI specification. p11-kit/uri.c | 85 ++++++++++++++++++++++++++++++++++++++++++-------------- p11-kit/uri.h | 4 +-- tests/uri-test.c | 24 ++++++++++++++++ 3 files changed, 90 insertions(+), 23 deletions(-) commit d4abb441450deceff760086dcdf9d493b258074a Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-08-14 Fix endless loop if module forks during initialization. * If a module forks during its C_Initialize, previously our fork handler would try to initialize it again, ad nauseum. Reported by Nikos on the mailing list. .gitignore | 1 + p11-kit/modules.c | 12 +- tests/Makefile.am | 30 +- tests/mock-module.c | 886 ++++++++++++++++++++++++++++++++++++++++++++++++++++ tests/mock-module.h | 336 ++++++++++++++++++++ tests/p11-test.c | 114 +++++++ 6 files changed, 1354 insertions(+), 25 deletions(-) commit 43169c520292397439bd70fb74e9505d371f7c72 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-08-14 Safer initialization of individually initialized module. * More checks for out of memory. * Take more of the same code paths when initializing a single module as when initializing registered, or loading from file. * Cleanup halfway initialized globals if fail during init. p11-kit/modules.c | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) commit 1e2011a308500632a9fbfb541dafcd73d796f3d5 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-08-05 Update PKCS#11 URI code for new draft of spec * pinfile attribute was renamed to pin-source * objecttype attribute was renamed to object-type * secretkey value was renamed to secret-key We continue to support parsing the old attribute names and values but generate URIs with the new ones. doc/Makefile.am | 2 +- doc/p11-kit-sections.txt | 2 + p11-kit/pin.c | 126 +++++++++++++++++++++++------------------------ p11-kit/pin.h | 10 ++-- p11-kit/uri.c | 83 +++++++++++++++++++++---------- p11-kit/uri.h | 9 ++++ tests/pin-test.c | 38 +++++++------- tests/uri-test.c | 60 +++++++++++----------- 8 files changed, 185 insertions(+), 145 deletions(-) commit 0a2fd044770d645b7707d2b4926a3214147973a8 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-08-03 Don't fail when duplicate modules are configured. * Duplicate modules may be caused by editor backups, misconfigurations or a multitude of other sources. Failing dead is a bit harsh. * After discussing gnutls needs with Nikos p11-kit/modules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3b78f626872c637339a3302b8f0607c778aef92c Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-08-03 Better debug output for initialization and loading modules. p11-kit/modules.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit ca48cb81f8e1465fdc4e4b504ea9da0324b30658 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-08-03 Fix broken debug arguments p11-kit/modules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e938d137fee800605b5c11d0c2aa6eae90e205eb Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-08-01 Add example configuration documentation. * And also install example pkcs11.conf file. .gitignore | 1 + configure.ac | 7 ++++-- doc/p11-kit-config.xml | 48 ++++++++++++++++++++++++++++++++++++++++++ p11-kit/Makefile.am | 6 +++++- p11-kit/pkcs11.conf.example.in | 9 ++++++++ 5 files changed, 68 insertions(+), 3 deletions(-) commit dd6b2c11794a74a33bfa53fec9892cb0c7007e80 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-07-29 Release version 0.3 NEWS | 5 +++++ README | 9 ++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) commit 24d5da1bfa82e296872ae1ef62dbc073780edf20 Author: Roman Bogorodskiy <bogorodskiy@gmail.com> Date: 2011-07-28 Fix building with NLS enabled. https://bugs.freedesktop.org/show_bug.cgi?id=39622 tests/Makefile.am | 17 +++++++++++------ tools/Makefile.am | 3 ++- 2 files changed, 13 insertions(+), 7 deletions(-) commit 8f4923bcaa66809aa247859b48f2d67d8950097e Author: Roman Bogorodskiy <bogorodskiy@gmail.com> Date: 2011-07-28 Use AC_SEARCH_LIBS instead of AC_CHECK_LIB for dlopen() to fix on *BSD. https://bugs.freedesktop.org/show_bug.cgi?id=39622 configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b1b63063e0da8518e89b485bc4d2827ba2e3fdcf Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-07-28 Make p11-kit-proxy.so link point to libp11-kit.so.0.0.0 * The link now points to the actual library, rather than to another link. https://bugzilla.redhat.com/show_bug.cgi?id=725905 p11-kit/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit daec3faa85c4f463e3b13688f2bc2bbd1b2ae106 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-07-27 Add libtool style versioning variables to p11-kit configure.ac | 16 ++++++++++++++++ p11-kit/Makefile.am | 4 +++- po/p11-kit.pot | 4 ++-- 3 files changed, 21 insertions(+), 3 deletions(-) commit fb0952dbeb607542b7feab80b1bbd2b1258cd15f Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-07-27 Fix bug in hashtable rewrite. * Initialization mixup. p11-kit/hashmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9add486d5bbb2ac6a3566e21d729107c26de77a3 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-07-27 Cleanup documentation warnings * After recent hash table rewrite we should be ignoring the new file. doc/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 4454fc36a0dd9b6e99e302769084b2964eef34c1 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-07-27 Create a link for the proxy module. * Install proxy module at its own path which is not prefixed by 'lib' * Since the proxy module is the same as the library, and actually needs to be loaded as the same library in memory (due to resource tracking per process), use a symlink for proxy. * Add a variable to the pkg-config file which shows the path to the proxy module. ie: $ pkg-config --variable=proxy_module p11-kit-1 https://bugzilla.redhat.com/show_bug.cgi?id=725905 p11-kit/Makefile.am | 6 +++++- p11-kit/p11-kit-1.pc.in | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) commit 308a776372eb1560480fbfcb5ef9d918a7a1454f Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-07-27 Reimplement and remove apache licensed bits of code. * Reimplement the various bits of the hash table that were still based on the apache apr code. Use different algorithms for hashing, lookup and other stuff. * Use this as an opportunity to cleanup that code and make it more legible. https://bugzilla.redhat.com/show_bug.cgi?id=725905 COPYING | 22 +- p11-kit/Makefile.am | 2 +- p11-kit/conf.c | 50 ++--- p11-kit/conf.h | 12 +- p11-kit/hash.c | 473 ------------------------------------------ p11-kit/hashmap.c | 372 +++++++++++++++++++++++++++++++++ p11-kit/{hash.h => hashmap.h} | 71 +++---- p11-kit/modules.c | 62 +++--- p11-kit/pin.c | 6 +- p11-kit/proxy.c | 8 +- tests/conf-test.c | 64 +++--- tests/hash-test.c | 158 +++++++------- 12 files changed, 578 insertions(+), 722 deletions(-) commit 3bb86b72ca5882b1e5684db837c75df810f283c3 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-07-21 Expand the various pkcs11 config paths properly. * Without this the ${prefix} part of the variable wasn't being expanded and was making it into the #define. configure.ac | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 4a3a1e0b8ad676f057e4fb141b4692987e8ce558 Author: Colin Walters <walters@verbum.org> Date: 2011-07-18 configure: Use $sysconfdir for p11_system_conf dir, not hardcoded /etc If the user specified sysconfdir, we should respect it. Don't hardcode /etc. This is important for jhbuild, which uses /path/to/builddir/etc. configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 43cf13e1a25da76297cd3397569031d7c3fd3a09 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-07-19 Ignore some built files after recent changes. .gitignore | 2 ++ m4/{empty => .empty} | 0 2 files changed, 2 insertions(+) commit b59ab92e640e13d10484fffc74ed6a218930c6ab Author: Colin Walters <walters@verbum.org> Date: 2011-07-18 build: Make autogen.sh work * We were missing a call to gettextize, which is what copies in config.rpath * Delete ABOUT-NLS, it is copied in by gettextize * While we're here, take a page from gtk+'s autogen.sh and just use autoreconf, instead of specifying everything. * We need to always have an m4/ directory, so that gettextize works, so we make a dummy empty file * Apparently gettextize is totally insane, requiring user input etc. Copy in some hacks from Avahi's autogen.sh to work around this. .gitignore | 1 - ABOUT-NLS | 1281 ------------------------------------------------------------ autogen.sh | 17 +- m4/empty | 1 + 4 files changed, 12 insertions(+), 1288 deletions(-) commit 69dd8b722bcb1a76ff586e71c580f6844412abb9 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-07-12 pin: Fix uninitialized variable p11-kit/pin.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 087a815b2b9cd5e0ec44866be1ddddb948583e88 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-07-07 Bump version number, and tweak upload procedure .gitignore | 1 + Makefile.am | 3 ++- configure.ac | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) commit e27e943b83401515b8b6acc1da705df6c56416e1 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-07-07 Release version 0.2 NEWS | 6 ++++++ configure.ac | 2 +- po/p11-kit.pot | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) commit 98ba6f9ffb95c5473e5e32d296956e91c4fc2715 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-07-06 List labels of all tokens in 'p11-kit -l' tools/p11-kit.c | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) commit 883b3ee76c686d14bbc1f20b0805d733a0c227ad Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-07-06 More fine tuning of the pin APIs. doc/p11-kit-sections.txt | 1 + p11-kit/pin.c | 18 ++++++++++++++++-- p11-kit/pin.h | 4 +++- 3 files changed, 20 insertions(+), 3 deletions(-) commit 1ff1a4895b2d5ff5fe559b96034fb1c3855d4b45 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-24 Add documentation for PIN callbacks. doc/Makefile.am | 2 +- doc/p11-kit-docs.sgml | 1 + doc/p11-kit-sections.txt | 19 +++ p11-kit/pin.c | 328 +++++++++++++++++++++++++++++++++++++---------- p11-kit/pin.h | 4 +- tests/pin-test.c | 18 +-- 6 files changed, 295 insertions(+), 77 deletions(-) commit fd7dee836d0b14efc48bf59955c8a12a72561043 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-24 Add P11KitPin structure, which encapsulates a returned pin. * Lets us use variable size buffers. * Helps minimize copying. p11-kit/pin.c | 171 +++++++++++++++++++++++++++++++++++++++++++---- p11-kit/pin.h | 44 ++++++++---- tests/files/test-pinfile | 1 + tests/pin-test.c | 161 ++++++++++++++++++++++++++++++-------------- 4 files changed, 302 insertions(+), 75 deletions(-) commit 2cc2ab90a6b96ea75dfe4d6413e41539075e8f8a Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-21 Rename p11_kit_pin_read_pinfile to p11_kit_pin_retrieve * Fix up duplicate register logic as well. p11-kit/pin.c | 13 +++++++------ p11-kit/pin.h | 4 ++-- tests/pin-test.c | 38 +++++++++++++++++++------------------- 3 files changed, 28 insertions(+), 27 deletions(-) commit f1ca5d5b57909534d8b21f9be455c94ca57e6636 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-20 Implement support for registering and calling pinfile callbacks * These are callbacks that hanlde the pinfile part of a PKCS#11 URI. * One library can register a callback that another can then call in a thread-safe and simple fashion. .gitignore | 2 + p11-kit/Makefile.am | 3 + p11-kit/pin.c | 332 +++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/pin.h | 85 +++++++++++++ p11-kit/ptr-array.c | 150 ++++++++++++++++++++++ p11-kit/ptr-array.h | 61 +++++++++ tests/Makefile.am | 12 +- tests/pin-test.c | 237 +++++++++++++++++++++++++++++++++++ tests/ptr-array-test.c | 259 ++++++++++++++++++++++++++++++++++++++ 9 files changed, 1140 insertions(+), 1 deletion(-) commit 0a793a9e462727f434f6283a712b37ab30df5e95 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-16 Fix logic error loading registered modules. Thanks to Richard Bellgrim. p11-kit/modules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b1b62f1b0856821d046ed92be076f9b9f8c664a9 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-09 Update pkcs11.h with PKCS#11 2.20 ammendments. p11-kit/pkcs11.h | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) commit 6d36c108a0f00f7485967b528b2a9f7c22173a5b Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-09 Fixed typos and made options clearer. doc/p11-kit-config.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit d941244aaf0cf142fee986eb914c2767f564dc14 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-09 By default use /etc/pkcs11 for system configs and not ${prefix} * Packagers can override this with the --with-pkcs11-dir configure arg. configure.ac | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) commit 4bb63ced295ddd64a019ae49cfae191524a34f07 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-09 Complete documentation for message functionality. doc/p11-kit-docs.sgml | 1 + doc/p11-kit-sections.txt | 6 ++++++ p11-kit/modules.c | 15 +++++++++++++++ p11-kit/util.c | 29 +++++++++++++++++++++++++++++ 4 files changed, 51 insertions(+) commit d6463e70eeb0ad3d93788a3e0f13e2007be54c50 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-09 Complete testing of global config files and directories. tests/conf-test.c | 262 +++++++++++++++++++++++++++++++++++ tests/files/system-modules/one | 3 + tests/files/system-modules/two | 3 + tests/files/test-system-invalid.conf | 3 + tests/files/test-system-merge.conf | 7 + tests/files/test-system-none.conf | 8 ++ tests/files/test-system-only.conf | 8 ++ tests/files/test-user-invalid.conf | 3 + tests/files/test-user-only.conf | 4 + tests/files/test-user.conf | 3 + tests/files/user-modules/one | 2 + tests/files/user-modules/three | 3 + 12 files changed, 309 insertions(+) commit 48a08272bfcc0153887b850b4ea82e8fb7d8f1ae Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-09 Store last failure message per thread. * Add p11_kit_message() function to get last message. doc/p11-kit-config.xml | 2 +- p11-kit/Makefile.am | 3 +- p11-kit/conf.c | 22 +++++++------ p11-kit/modules.c | 46 +++++++++++++++++++------- p11-kit/p11-kit.h | 8 +++++ p11-kit/private.h | 6 ++-- p11-kit/util.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++--- tests/Makefile.am | 3 +- tests/conf-test.c | 13 ++++---- 9 files changed, 151 insertions(+), 39 deletions(-) commit 21333019a5afceb5f07637fb50b784a4ecd9f9ff Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-08 Refactor configuration * Move configuration loading into conf.c * Have user modules with same name merge/override modules in system. p11-kit/Makefile.am | 2 +- p11-kit/conf.c | 429 +++++++++++++++++++++++++++++++++++++++++++++++----- p11-kit/conf.h | 24 ++- p11-kit/hash.c | 117 ++++++++------ p11-kit/hash.h | 10 +- p11-kit/modules.c | 366 ++++++++------------------------------------ p11-kit/private.h | 11 ++ p11-kit/util.c | 17 +++ tests/conf-test.c | 40 +++-- 9 files changed, 610 insertions(+), 406 deletions(-) commit 7c1edab7e6c1c6939ecdeaefc5f006772298f9eb Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-08 Ignore files without a 'module' value. * Just skip loading these. p11-kit/modules.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) commit d6b8300fe9bae0595aaf894c5d98aa7c72209e38 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-07 Bump version number. configure.ac | 6 +++++- po/p11-kit.pot | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) commit 5b77fb058c43e6b0b631e1c7df41994cc41cd2ac Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-07 Make target for uploading release. Makefile.am | 3 +++ 1 file changed, 3 insertions(+) commit bfac05a80d66668a617386e7fdf569b5eb381a93 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-07 Release version 0.1 p11-kit/Makefile.am | 3 +++ po/p11-kit.pot | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) commit cab38f1cb262e7922098fdb03c2c5828f5f003a1 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-07 Fix up documentation doc/p11-kit-sections.txt | 5 ++++- p11-kit/util.c | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) commit b9a8a140cf09780671402e872130a51ec4f4b014 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-07 Add p11_kit_space_strdup() function, and rename p11_kit_space_strlen() * Print out module info in p11-kit tool. p11-kit/p11-kit.h | 6 ++++++ p11-kit/uri.c | 15 ++------------- p11-kit/uri.h | 3 --- p11-kit/util.c | 34 ++++++++++++++++++++++++++++++++++ tools/p11-kit.c | 28 +++++++++++++++++++++++++++- 5 files changed, 69 insertions(+), 17 deletions(-) commit b315f99c90d01104d6baa91ca0f2cfb32c920abd Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-07 Fix more memory errors and leaks in module code. p11-kit/modules.c | 16 ++++++++++++---- tools/p11-kit.c | 3 +++ 2 files changed, 15 insertions(+), 4 deletions(-) commit 7f5d2e9471872d8c1cf7181ba647c1dc74e2c6dd Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-07 Free string output of conf-test tests/conf-test.c | 1 + 1 file changed, 1 insertion(+) commit fb8b8cada7bad73acf936c1dee2e7b1be64e3513 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-07 Fix URI parsing memory leaks. p11-kit/uri.c | 1 + tests/uri-test.c | 1 + 2 files changed, 2 insertions(+) commit 7c410200143b72a5976d228d75aab59f8b965fe9 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-07 Fix some hash leaks and bugs. p11-kit/hash.c | 20 ++++++++++++-------- tests/hash-test.c | 39 +++++++++++++++++++++++++++++++++++++-- 2 files changed, 49 insertions(+), 10 deletions(-) commit 0f09803ba95bcdfebf4bde509b43b3ca52cd9d3f Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-07 Fix compiler warnings. p11-kit/hash.c | 2 +- tests/uri-test.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit a5d3e34397d847a0c9b2e3aab7bd9f0b1080af05 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-07 Remove unstable API markers. p11-kit/Makefile.am | 3 --- p11-kit/p11-kit.h | 9 --------- p11-kit/uri.h | 9 --------- tests/Makefile.am | 3 +-- tools/Makefile.am | 3 +-- 5 files changed, 2 insertions(+), 25 deletions(-) commit edf0b9584f1038797758b4ed878e1d9f48beda9f Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-06-06 Modernize autotools setup. .gitignore | 1 + configure.ac | 13 ++++++------- 2 files changed, 7 insertions(+), 7 deletions(-) commit 0bd6cf376133f300edff57835eb95f7577d68792 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-30 Clear correct block of memory in p11_kit_uri_parse(). p11-kit/uri.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6f1e963901ca7aff7af6bec376af00f892cbb9ca Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-30 GNU style definitions in uri.h as well as normal. p11-kit/uri.h | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) commit 82ca953733a651216125608d5ca7f9aa8005095e Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-30 Cleanup URI types * Support with/without library version. * Make names of types clearer. p11-kit/uri.c | 63 ++++++++++++++++++++++++++++++------------ p11-kit/uri.h | 18 +++++++++--- tests/uri-test.c | 84 ++++++++++++++++++++++++++++---------------------------- 3 files changed, 101 insertions(+), 64 deletions(-) commit e19300129d3fe21c9e3af1a7f95ccf3eb5315199 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-30 Set the return value properly in p11_kit_load_initialize_module() p11-kit/modules.c | 3 +++ 1 file changed, 3 insertions(+) commit b3b68fcb1d3fc4958acc6f6528fb88e7c87b7512 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-30 Add function p11_kit_uri_space_strlen() for figuring out the length of space terminated strings. doc/p11-kit-sections.txt | 1 + p11-kit/uri.c | 6 +++--- p11-kit/uri.h | 3 +++ 3 files changed, 7 insertions(+), 3 deletions(-) commit 2aa964160a1615077db18b03a6c72c286c27791f Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-30 Allow use with CRYPTOKI_GNU style use of PKCS#11 doc/p11-kit-sections.txt | 10 +++++++++- p11-kit/p11-kit.h | 11 ++++++++++- p11-kit/uri.c | 2 +- p11-kit/uri.h | 14 +++++++++++++- 4 files changed, 33 insertions(+), 4 deletions(-) commit cfeaf3de3d745d457feaba48c532d7a384d67341 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-27 Add p11_kit_load_initialize_module() function. * This function will load a module from a file path, and then initialize it. doc/p11-kit-sections.txt | 1 + p11-kit/modules.c | 167 ++++++++++++++++++++++++++++++++++++++++------- p11-kit/p11-kit.h | 3 + 3 files changed, 147 insertions(+), 24 deletions(-) commit f03252bf032b04ed7a5b98ea52e3c75d84dc0812 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-27 Rename module arguments from 'funcs' to 'module' p11-kit/modules.c | 244 +++++++++++++++++++++++++++--------------------------- p11-kit/p11-kit.h | 8 +- 2 files changed, 126 insertions(+), 126 deletions(-) commit 5d697e5ff8e3222bdb67d0ce8444b0323eeaba69 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-27 Fix up documentation doc/p11-kit-sections.txt | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit a2fbdb1a3cd9d137010182be43fdf4ff8491dd9f Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-27 Fix problems with 'make distcheck' Makefile.am | 4 ++++ doc/Makefile.am | 3 ++- gtk-doc.make | 9 +++++---- tests/Makefile.am | 8 ++++++-- 4 files changed, 17 insertions(+), 7 deletions(-) commit ad14c9c4c1345fe01336fc0d5bfccd3fca248ce1 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-27 Fix uninitialized variable problem. p11-kit/proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bdd6188e299405e16179906bc79f9fef2605176a Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-27 Change around installation of headers, pkg-config, and file names * Install headers to ${prefix}/include/p11-kit-1/p11-kit/ * This solves problems with other projects that have their own pkcs11.h files. * Change the pkg-config file name to p11-kit-1.pc * Change the source file names. .gitignore | 6 +- configure.ac | 4 +- doc/Makefile.am | 4 +- p11-kit/Makefile.am | 18 ++-- p11-kit/debug.h | 4 +- p11-kit/{p11-kit-messages.c => messages.c} | 0 p11-kit/{p11-kit-lib.c => modules.c} | 2 +- p11-kit/{p11-kit.pc.in => p11-kit-1.pc.in} | 2 +- p11-kit/p11-kit.h | 2 +- p11-kit/p11-kit.pc | 17 --- p11-kit/{p11-kit-private.h => private.h} | 0 p11-kit/{p11-kit-proxy.c => proxy.c} | 2 +- p11-kit/{p11-kit-uri.c => uri.c} | 2 +- p11-kit/{p11-kit-uri.h => uri.h} | 2 +- po/POTFILES.in | 2 +- po/p11-kit.pot | 164 ++++++++++++++--------------- tests/uri-test.c | 2 +- 17 files changed, 110 insertions(+), 123 deletions(-) commit 92f821b6883e700a97a18d244104dea1031f2dce Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-26 Add functions for clearing and setting multiple attributes on URI. p11-kit/p11-kit-uri.c | 75 ++++++++++++++++++++++++++++++++++++--------------- p11-kit/p11-kit-uri.h | 12 ++++++--- tests/uri-test.c | 41 +++++++++++++++++++++++++--- 3 files changed, 100 insertions(+), 28 deletions(-) commit c37d5dfaf0c2a5e70066fd1c9606b00329c3622a Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-26 Return proper errors when NULL is passed to mutex functions. p11-kit/p11-kit-lib.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 0542a87afdacd2c53da5d453b1d23e8a0dd91ea4 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-26 URI API fine tuning * Rework API for getting all the attributes, to match usage in PKCS#11 * Add support for pinfile argument in URIs. * Complete tests. p11-kit/p11-kit-uri.c | 365 ++++++++++++++++++++++++++++++-------------------- p11-kit/p11-kit-uri.h | 9 +- tests/uri-test.c | 103 ++++++++++++++ 3 files changed, 328 insertions(+), 149 deletions(-) commit 7c2a8a5b3ad134b6e3093761d617936dcbd21adf Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-25 Add p11_kit_uri_message() function. Gets messages for p11-kit error codes. p11-kit/debug.c | 1 + p11-kit/debug.h | 3 ++- p11-kit/p11-kit-uri.c | 38 ++++++++++++++++++++++++++++++++++++++ p11-kit/p11-kit-uri.h | 2 ++ 4 files changed, 43 insertions(+), 1 deletion(-) commit a01f4351e34fee946d1ffb81baa31a756e2851be Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-05-24 Fix null pointer dereference. p11-kit/p11-kit-lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e16a0a7183bd7c400ea3df12ad6ee1155a17634c Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-04-05 Fix lots of bugs and add more debugging statements. p11-kit/conf.c | 3 ++- p11-kit/p11-kit-lib.c | 51 +++++++++++++++++++++++++++++++++++++++++---------- 2 files changed, 43 insertions(+), 11 deletions(-) commit 4d7cf526a352d7c9a02d05a308eef937b1a8987d Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-04-05 Add basic tool for p11-kit. List modules: $ p11-kit -l .gitignore | 2 + Makefile.am | 1 + configure.ac | 1 + tools/Makefile.am | 12 ++++++ tools/p11-kit.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 137 insertions(+) commit 6078d6d73bc2eb1dbf2283b37d9507297fefba9d Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-04-05 Add support for debug tracing. Use P11_KIT_DEBUG=xxx environment variable to enable tracing. Must have been built without --disable-debug option. P11_KIT_DEBUG can (at this point) be one of these values: all help conf lib .gitignore | 1 + configure.ac | 23 ++++++--- doc/Makefile.am | 2 +- p11-kit/Makefile.am | 1 + p11-kit/conf.c | 7 +++ p11-kit/debug.c | 136 ++++++++++++++++++++++++++++++++++++++++++++++++++ p11-kit/debug.h | 93 ++++++++++++++++++++++++++++++++++ p11-kit/p11-kit-lib.c | 17 ++++++- 8 files changed, 272 insertions(+), 8 deletions(-) commit aada8e3d41c3be7cdc7e0994c7dff7c307fbbe7f Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-04-01 Fix up copyright lines. p11-kit/conf.c | 4 ++-- p11-kit/conf.h | 4 ++-- p11-kit/hash.c | 4 ++-- p11-kit/hash.h | 4 ++-- p11-kit/p11-kit-lib.c | 2 +- p11-kit/p11-kit-private.h | 2 +- p11-kit/p11-kit-proxy.c | 2 +- p11-kit/p11-kit-uri.h | 2 +- p11-kit/p11-kit.h | 2 +- p11-kit/util.c | 1 - p11-kit/util.h | 1 - 11 files changed, 13 insertions(+), 15 deletions(-) commit 579d40eff31c7a17cc4e4f07d26c6189619fee31 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-03-31 Add C++ header guards, and require API instability acknowledgement. p11-kit/Makefile.am | 3 +++ p11-kit/p11-kit-uri.h | 23 ++++++++++++++++++++--- p11-kit/p11-kit.h | 17 +++++++++++++++++ tests/Makefile.am | 3 ++- 4 files changed, 42 insertions(+), 4 deletions(-) commit cf988aa7858d249887ea0818301c7211bb3cab38 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-03-31 Support setting of CK_C_INITIALIZE_ARGS.pReserved to string. This is a naughty little thing that a lot of PKCS#11 modules require to be properly initialized. So we support setting pReserved to a string that is in the config under the 'x-init-reserved' parameter. p11-kit/p11-kit-lib.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 540a00501ba682b420b143480d5864335cad6c71 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-03-31 Give reference chapter an explicit id. doc/p11-kit-docs.sgml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 52dab5cd52b19352e9f29b16c686fc545d2aadf1 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-03-31 Add make target for uploading docs. Makefile.am | 6 ++++++ 1 file changed, 6 insertions(+) commit a0ef9771b882bf2dc5bd56fcc6bcfdf47ed90feb Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-03-31 Mix in other documentation. doc/Makefile.am | 2 +- doc/p11-kit-config.xml | 10 ++++++---- doc/p11-kit-docs.sgml | 12 ++++++++---- ...p11-kit-multiple-problem.xml => p11-kit-sharing.xml} | 0 doc/style.css | 17 ++++++++++------- 5 files changed, 25 insertions(+), 16 deletions(-) commit ca1d8a09e05444de07a1ad722b57f5dcae042892 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-03-31 Fix up styling and tweaks. doc/style.css | 24 +++++++++++++++++------- p11-kit/p11-kit-messages.c | 4 ++-- 2 files changed, 19 insertions(+), 9 deletions(-) commit 17ebc007ed0376bdea50294201a637be982d68b7 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-03-31 Fix up styling of documentation. doc/p11-kit-docs.sgml | 2 +- doc/style.css | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++ gtk-doc.make | 4 ++- 3 files changed, 74 insertions(+), 2 deletions(-) commit 479cbd55ee5739d3cd2566379575451dbecf4c54 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-03-31 Documentation and API cleanup. * Rename source directory * More consistent with return values from URI functions. * Allow formatting URI to take a uri type. .gitignore | 17 ++ Makefile.am | 6 +- configure.ac | 17 +- doc/Makefile.am | 80 ++++++-- doc/p11-kit-docs.sgml | 24 +++ doc/p11-kit-overrides.txt | 0 doc/p11-kit-sections.txt | 40 ++++ doc/version.xml.in | 1 + gtk-doc.make | 230 +++++++++++++++++++++ {module => p11-kit}/Makefile.am | 1 - {module => p11-kit}/conf.c | 0 {module => p11-kit}/conf.h | 0 {module => p11-kit}/hash.c | 1 - {module => p11-kit}/hash.h | 0 {module => p11-kit}/p11-kit-lib.c | 103 +++++++--- {module => p11-kit}/p11-kit-messages.c | 16 +- {module => p11-kit}/p11-kit-private.h | 0 {module => p11-kit}/p11-kit-proxy.c | 0 {module => p11-kit}/p11-kit-uri.c | 360 +++++++++++++++++++++++++++------ {module => p11-kit}/p11-kit-uri.h | 25 +-- {module => p11-kit}/p11-kit.h | 0 p11-kit/p11-kit.pc | 17 ++ {module => p11-kit}/p11-kit.pc.in | 0 {module => p11-kit}/pkcs11.h | 0 {module => p11-kit}/util.c | 0 {module => p11-kit}/util.h | 0 tests/Makefile.am | 8 +- tests/uri-test.c | 82 ++++---- 28 files changed, 857 insertions(+), 171 deletions(-) commit 6132cd99c39739ef5360e41e92f22d287007577e Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-03-31 WIP module/p11-kit-lib.c | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++ module/p11-kit-uri.c | 43 +++++++++++++++++++ 2 files changed, 162 insertions(+) commit c45d9df39035dee8a3fff610d98ac3b4c245f1dc Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-03-31 Fix for previous commit. Actually use the alloc_module_unlocked() function. module/p11-kit-lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9985957799fd7142125f1d2dd0fae4366ec83f32 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-03-31 Custom initialization and finalization arguments cannot be supported. When multiple consumers are using a PKCS#11 module, initialization (and finalization) arguments cannot be supported. The first one calling would win out, and the others would get unexpected behavior. module/p11-kit-lib.c | 193 ++++++++++++++++++++++++----------------------- module/p11-kit-private.h | 4 +- module/p11-kit-proxy.c | 4 +- module/p11-kit.h | 6 +- 4 files changed, 104 insertions(+), 103 deletions(-) commit 1104f03d9b34cc659838124e00ac864c35af4f82 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-03-03 Add info and copyright. doc/p11-kit.xml | 42 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 8 deletions(-) commit d05a04968e07f6a2084ceb747938dc7cc049cb5f Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-03-03 The start of some documentation. .gitignore | 2 + Makefile.am | 2 +- configure.ac | 1 + doc/Makefile.am | 22 ++++++++ doc/docbook-params.xsl | 39 +++++++++++++ doc/p11-kit-config.xml | 119 +++++++++++++++++++++++++++++++++++++++ doc/p11-kit-multiple-problem.xml | 92 ++++++++++++++++++++++++++++++ doc/p11-kit.xml | 11 ++++ 8 files changed, 287 insertions(+), 1 deletion(-) commit 25cbc9b3293f2c6df38bd0528b89101e5e547321 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-02-21 Add uri function for listing which attribute types are present. module/p11-kit-uri.c | 24 +++++++++++++++++++++++- module/p11-kit-uri.h | 3 +++ 2 files changed, 26 insertions(+), 1 deletion(-) commit ff7db14f0acae463165377f2d4b999e566298b40 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-02-21 Fix bug where we try to dlclose() modules we didn't load. module/p11-kit-lib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 1d9ca2ddb4df85b7235ec78e4996cf2d1fd775a2 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-02-19 Reference implementation of PKCS#11 URIs .gitignore | 1 + module/Makefile.am | 3 + module/p11-kit-proxy.c | 14 +- module/p11-kit-uri.c | 886 ++++++++++++++++++++++++++++++++++++++++ module/p11-kit-uri.h | 101 +++++ module/p11-kit.h | 2 + module/util.c | 51 +++ module/util.h | 45 +++ tests/Makefile.am | 7 +- tests/uri-test.c | 1050 ++++++++++++++++++++++++++++++++++++++++++++++++ 10 files changed, 2146 insertions(+), 14 deletions(-) commit 65509aa3a7c35d8bd5a947ca87c14d4de11deb21 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-02-18 Add p11_kit_strerror() method and internationalization. .gitignore | 5 + ABOUT-NLS | 1281 +++++++++++++++++++++++++++++++++++++++++++++ Makefile.am | 4 +- configure.ac | 4 + module/Makefile.am | 14 +- module/p11-kit-lib.c | 4 +- module/p11-kit-messages.c | 234 +++++++++ module/p11-kit.h | 2 + po/Makefile.in.in | 444 ++++++++++++++++ po/Makevars | 41 ++ po/POTFILES.in | 2 + po/Rules-quot | 47 ++ po/boldquot.sed | 10 + po/en@boldquot.header | 25 + po/en@quot.header | 22 + po/insert-header.sin | 23 + po/p11-kit.pot | 342 ++++++++++++ po/quot.sed | 6 + po/remove-potcdate.sin | 19 + 19 files changed, 2523 insertions(+), 6 deletions(-) commit 5cc83571c3e0e212f4d84b05bb15088409d9c752 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-02-17 Properly read user-config setting. * Unless the system 'user-config' setting is 'none' we allow the user to override or merge all settings, including the 'user-config' setting. module/p11-kit-lib.c | 187 ++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 146 insertions(+), 41 deletions(-) commit 80fe1806941d555433f3a1c97ab116dd281041e0 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-02-17 Add a proper pkg-config file. .gitignore | 2 ++ configure.ac | 25 ++++++++++++++----------- module/Makefile.am | 10 +++++----- module/p11-kit.pc.in | 17 +++++++++++++++++ 4 files changed, 38 insertions(+), 16 deletions(-) commit c03b1023835887569315fbec6295be3cc0f4cf42 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-02-17 Only allow colon between name and value. module/conf.c | 4 ++-- tests/files/test-1.conf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit 14dfb79ca65dd80e117103c4f8852ae2b4a419a0 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-01-30 Configuration tests. .gitignore | 1 + module/conf.c | 25 ++++++---- module/conf.h | 6 +-- module/p11-kit-lib.c | 8 ++-- tests/Makefile.am | 13 ++++-- tests/conf-test.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++ tests/files/test-1.conf | 6 +++ 7 files changed, 158 insertions(+), 22 deletions(-) commit 4375e297b19bc2177e17cc5616e75d96be053328 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-01-26 Add testing and start testing hash table functionality. .gitignore | 8 + Makefile.am | 12 +- configure.ac | 42 ++++++ module/Makefile.am | 16 +- module/hash.c | 15 ++ module/hash.h | 5 + tests/Makefile.am | 17 +++ tests/cutest/CuTest.c | 339 ++++++++++++++++++++++++++++++++++++++++++ tests/cutest/CuTest.h | 116 +++++++++++++++ tests/cutest/README.txt | 211 ++++++++++++++++++++++++++ tests/cutest/license.txt | 38 +++++ tests/hash-test.c | 377 +++++++++++++++++++++++++++++++++++++++++++++++ 12 files changed, 1191 insertions(+), 5 deletions(-) commit f8009b4d504de0ed752b867893acd263108409e0 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-01-24 Reinitialize modules after fork(). module/p11-kit-lib.c | 51 ++++++++++++++++++++++++++++++++++++++++++++---- module/p11-kit-private.h | 1 + module/p11-kit-proxy.c | 18 +++++++++++++++++ 3 files changed, 66 insertions(+), 4 deletions(-) commit b2b0acbc5789823a33de9eabec10e2b8656f3632 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-01-24 Initial implementation with new config system. configure.ac | 3 +- module/Makefile.am | 10 +- module/conf.c | 240 ++++++++++ module/conf.h | 51 +++ module/hash.c | 512 +++++++++++---------- module/hash.h | 110 +++-- module/p11-kit-lib.c | 810 ++++++++++++++++++++++++++++++++++ module/p11-kit-private.h | 51 +++ module/{p11-kit.c => p11-kit-proxy.c} | 696 ++--------------------------- module/p11-kit.h | 12 +- 10 files changed, 1558 insertions(+), 937 deletions(-) commit 5a53e44a73d4fb62483e890fe348ea40d27ef573 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-01-24 Rename to p11-kit. A less pretentios, better description of what's going on. ChangeLog | 2 +- configure.ac | 4 +- module/Makefile.am | 8 +- module/{p11-unity.c => p11-kit.c} | 312 +++++++++++++++++++------------------- module/{p11-unity.h => p11-kit.h} | 28 ++-- 5 files changed, 177 insertions(+), 177 deletions(-) commit 492c2ff7c191e5df75140a47e4e43fa25fd16023 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-01-22 Rework public library API so that we can initialize arbitrary modules. module/p11-unity.c | 752 ++++++++++++++++++++++++++++++++++------------------- module/p11-unity.h | 21 +- 2 files changed, 502 insertions(+), 271 deletions(-) commit c2a5aaf7baf4bcc006674a1938205f93028b8ab0 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-01-22 Rough idea of possible library functions. configure.ac | 5 +- module/p11-unity.c | 307 ++++++++++++++++++++++++++++++++++++++++++++--------- module/p11-unity.h | 56 ++++++++++ 3 files changed, 314 insertions(+), 54 deletions(-) commit a50ba779ff3e0a5d4f35fb2b6ab525a423575cc4 Author: Stef Walter <stefw@collabora.co.uk> Date: 2011-01-20 Initial implementation of p11-unity .gitignore | 31 ++ AUTHORS | 1 + COPYING | 47 ++ ChangeLog | 31 ++ Makefile.am | 18 + NEWS | 2 + README | 1 + autogen.sh | 21 + configure.ac | 90 +++ module/Makefile.am | 18 + module/hash.c | 400 ++++++++++++++ module/hash.h | 158 ++++++ module/p11-unity.c | 1543 ++++++++++++++++++++++++++++++++++++++++++++++++++++ module/pkcs11.h | 1357 +++++++++++++++++++++++++++++++++++++++++++++ 14 files changed, 3718 insertions(+)
Generated by dwww version 1.15 on Sun Jun 16 16:42:33 CEST 2024.