ANNOUNCE: p11-kit 0.19.2

Stef Walter stefw at
Thu Jul 18 05:26:21 PDT 2013

This is an unstable development release.

Of note, is that in this release the default path for user config is
changed to fit in line with the XDG basedir spec. By default user
config is loaded from ~/.config/pkcs11

What's new in 0.19.2

 * Add basic 'trust anchor' command to store a new anchor
 * Support for writing out trust token objects
 * Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec
 * Add option to use freebl for hashing
 * Implement reloading of token data
 * Fix warnings and possible minor bugs higlighted by code scanners
 * Don't load configs in home directories when running setuid or setgid
 * Support treating ~/.config as $XDG_CONFIG_HOME
 * Use $XDG_DATA_HOME/pkcs11 as default user config directory
 * Use $TMPDIR instead of $TEMP while testing
 * Open files and fds with O_CLOEXEC
 * Abort initialization if a critical module fails to load
 * Don't use thread-unsafe functions: strerror, getpwuid
 * Fix p11_kit_space_strlen() result when empty string
 * Refactoring of where various components live
 * Build fixes

Detailed changes between 0.19.1 and 0.19.2

Stef Walter (71):
      url: Encode directly to a buffer
      pem: Write PEM data directly to a buffer
      constants: Tweaks and add mechanisms
      persist: Support for writing out p11-kit persist files
      Force Mac OS shared library extension to .so
      Force Mac OS shared library extension to .so
      trust: Fix reinitialization of trust module
      tools: Fix passing args to external commands
      trust: Print out usage when extract-trust run incorrectly
      trust: Move the extract-trust external placeholder command into tr
      trust: Writable module PKCS#11 token functions
      Merge branch 'stable'
      Reorganize various components
      Fix running trust module tests under distcheck
      Fix dependency between p11-kit command and library
      trust: Implement validation for creating/modifying objects
      path: Add p11_path_prefix() function
      iter: Add iteration mode where session is not busy
      trust: Implement reloading of token data
      trust: Rename p11_index_batch() to p11_index_load()
      path: Add p11_path_canon() function
      trust: Add support for saving files with unique file names
      trust: Don't write out internal attributes when persisting
      trust: Correctly handle persisting OIDs with zero length
      trust: If token path is a file, don't try loading subdirectories
      trust: Initial support for writing out token objects
      trust: Add p11_asn1_read() and p11_asn1_free() functions
      trust: Add p11_oid_hash() and various oid strings
      trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spe
      p11-kit: Add P11_KIT_MODULE_TRUSTED flag
      common: Fix typo, and don't escape '6' in URL encoding
      asn1: In p11_asn1_read() allocate an extra null terminator
      trust: Support using the parser without an asn1_cache
      trust: Explicitly specify which formats parser should parse
      trust: Support token directory paths in user's home directory
      trust: Mark CKA_X_DISTRUSTED as a boolean attribute
      trust: Fix various issues writing objects in trust token
      trust: Add a basic 'anchor' command to store a new anchor
      trust: Fix bug with load validation failures
      trust: Fix the 'p11-kit extract' command
      Add support for using freebl3 for SHA1 and MD5 hashing
      Various documentation tweaks and fixes for warnings
      Build with -fno-common to catch definition problems
      Remove erroneous comments about readdir() and thread-safety
      Fixes for some recent win32 regressions
      iter: Document guarantees for filter matches argumet
      Make preconditions abort unconditionally when scanning with coveri
      buffer: Check for unlikely integer overflow
      open files with O_CLOEXEC when possible
      Fix various issues highlighted by coverity scanner
      tools: Use $TMPDIR instead of $TEMP
      Don't load configs from user directory when setuid
      Support expanding $XDG_CONFIG_HOME in user config paths
      Declare static variables const where it makes sense
      Avoid using the non-thread-safe strerror() function
      attrs: Check printf formatting in buffer_append_printf()
      Don't call memdup with zero length or NULL pointer
      Always pass size_t varargs to p11_hash_xxx() functions
      Fix p11_kit_space_strlen() result when empty string
      Use getpwuid_r() instead of the non-thread-sofe getpwuid()
      Use $XDG_CONFIG_HOME/pkcs11 as default user config directory
      Release version 0.19.2
      Fix extract example in documentation

manphiz at (2):
      Fix uninitialized p11_library_once
      Fix uninitialized p11_library_once




More information about the p11-glue mailing list