ANNOUNCE: p11-kit 0.20.0

Stef Walter stefw at
Wed Sep 4 04:52:10 PDT 2013

Announcing a new release of p11-kit. This is a stable release (at least
that's the idea :)

The 0.20.x series focuses on a better p11-kit module loading API, as
well as capabilities such as properly managing behavior of loaded modules.

There is a new 'trust' tool which operates on shared trust information.
This tool will grow over time.

These changes occurred over the course of the 0.19.x series, and 0.20.x
releases will have minor bug fixes and stabilization.

What's new in 0.20.x

 * Refactor API to be able to handle managed modules
 * Deprecate much of old p11-kit API
 * Implement concept of managed modules
 * Make C_CloseAllSessions function work for multiple callers
 * New dependency on libffi
 * Add new 'trust' command line tool
 * 'p11-kit extract' is now 'trust extract'
 * 'p11-kit extract-trust' is now 'trust extract-compat'
 * Workarounds for broken behavior [#68525]
 * Start using certain aspects of the updated storing trust spec
 * Support treating ~/.config as $XDG_CONFIG_HOME
 * Use $XDG_DATA_HOME/pkcs11 as default user config directory
 * Various build fixes and tweaks [#68122 ...]
 * Other minor fixes, see below.

Many thanks to everyone who contributed with review, patches and testing :)

Detailed changes between 0.18.x and 0.20.0

Alon Bar-Lev (1):
      do not assume dead code existence in autoconf checks

Michael Cronenworth (1):
      test-compat calls test_getauxval which is in a UNIX defined block

Pascal Ernster (1):
      Add --with-module-config parameter to the configure script

Stef Walter (115):
      Implement valgrind's hellgrind checks for threading problems
      Fail early when running
      Add subclassable CK_X_FUNCTION_LIST
      Use libffi to implement mixins for managed code
      p11-kit: Managed PKCS#11 module loading
      Update the proxy module to use managed PKCS#11 modules
      Manage C_CloseAllSessions function for multiple callers
      Add the log-calls module config option
      Bump the version number to unstable
      Support /xxx/yyy as an absolute path with Win32
      Pull the argv parsing code into its own file
      Further reorganization of the core module tracking
      Our own unit testing framework
      Fix up files for automake 1.13 warnings
      Bump the version for deprecated function documentation
      Fix building of applications using CRYPTOKI_GNU style
      Mark p11_kit_message() as a stable function
      Release version 0.19.1
      url: Encode directly to a buffer
      pem: Write PEM data directly to a buffer
      constants: Tweaks and add mechanisms
      persist: Support for writing out p11-kit persist files
      Force Mac OS shared library extension to .so
      Merge branch 'stable'
      common: Abort test cases when one fails
      path: Fix expanding of paths and tests
      path: Add p11_path_parent() function
      trust: Correctly reflect the CK_TOKEN_INFO writability flags
      trust: Writable module PKCS#11 token functions
      Merge branch 'stable'
      Reorganize various components
      Fix running trust module tests under distcheck
      Fix dependency between p11-kit command and library
      trust: Implement validation for creating/modifying objects
      path: Add p11_path_prefix() function
      iter: Add iteration mode where session is not busy
      trust: Implement reloading of token data
      trust: Rename p11_index_batch() to p11_index_load()
      path: Add p11_path_canon() function
      trust: Add support for saving files with unique file names
      trust: Don't write out internal attributes when persisting
      trust: Correctly handle persisting OIDs with zero length
      trust: If token path is a file, don't try loading subdirectories
      trust: Initial support for writing out token objects
      trust: Add p11_asn1_read() and p11_asn1_free() functions
      trust: Add p11_oid_hash() and various oid strings
      trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spe
      p11-kit: Add P11_KIT_MODULE_TRUSTED flag
      common: Fix typo, and don't escape '6' in URL encoding
      asn1: In p11_asn1_read() allocate an extra null terminator
      trust: Support using the parser without an asn1_cache
      trust: Explicitly specify which formats parser should parse
      trust: Support token directory paths in user's home directory
      trust: Mark CKA_X_DISTRUSTED as a boolean attribute
      trust: Fix various issues writing objects in trust token
      trust: Add a basic 'anchor' command to store a new anchor
      trust: Fix bug with load validation failures
      trust: Fix the 'p11-kit extract' command
      Add support for using freebl3 for SHA1 and MD5 hashing
      Various documentation tweaks and fixes for warnings
      Build with -fno-common to catch definition problems
      Remove erroneous comments about readdir() and thread-safety
      Fixes for some recent win32 regressions
      iter: Document guarantees for filter matches argumet
      Make preconditions abort unconditionally when scanning with coveri
      buffer: Check for unlikely integer overflow
      open files with O_CLOEXEC when possible
      Fix various issues highlighted by coverity scanner
      tools: Use $TMPDIR instead of $TEMP
      Don't load configs from user directory when setuid
      Support expanding $XDG_CONFIG_HOME in user config paths
      Declare static variables const where it makes sense
      Avoid using the non-thread-safe strerror() function
      attrs: Check printf formatting in buffer_append_printf()
      Don't call memdup with zero length or NULL pointer
      Always pass size_t varargs to p11_hash_xxx() functions
      Fix p11_kit_space_strlen() result when empty string
      Use getpwuid_r() instead of the non-thread-sofe getpwuid()
      Use $XDG_CONFIG_HOME/pkcs11 as default user config directory
      Fix extract example in documentation
      Release version 0.19.2
      Add appropriate const qualifiers
      doc: Add identifiers to doc sections so gtk-doc doesn't autogen th
      Use an automake aux directory for storing litter
      Use simple serial automake test harness
      Fix various memory leaks exposed by 'make leakcheck'
      Don't use _GNU_SOURCE and fix strerror_r usage
      Fix uninitialized variables
      Make tests work on file systems with block size directories
      Release version 0.19.3
      trust: Add test tool for creating BasicConstraints
      compat: Check return value of mmap() properly
      Avoid multiple stat() calls for same file
      p11-kit: Rename list.c to lists.c to simplify debugging
      debug: Add missing 'tool' flag to debug flags
      debug: Allow debug lines longer than 512 characters
      tool: Only include debug lines marked 'tool' when --verbose
      iter: Add new P11_KIT_ITER_WANT_WRITABLE iterator behavior
      iter: Add p11_kit_iter_get_token() call
      iter: Add p11_kit_iter_set_uri() function
      iter: Add a p11_kit_iter_destroy_object() function
      Add p11-kit style typedefs for iter and uri
      trust: Correctly rewrite other objects in a modifiable persist fil
      trust: Prefer parsing the persist format to PEM
      trust: Add index callback for when an object is removed
      trust: Do reload object removals inside a loading block
      trust: Refactor enumeration of certificates to extract
      trust: Add support for removing trust token objects
      trust: Add a list command to the trust tool
      trust: Add 'trust anchor --remove' command
      trust: Document the new command line trust tool
      Route 'p11-kit extract-trust' over to trust tool
      Release version 0.19.4
      Documentation tweaks
      Release version 0.20.0

manphiz at (1):
      Fix uninitialized p11_library_once




More information about the p11-glue mailing list