ANNOUNCE: p11-kit 0.22.0

Stef Walter stef at
Sat Oct 4 04:40:15 PDT 2014

Announcing a new release of p11-kit. This is a stable release (at least
that's the idea :)

The 0.22.x series focuses on remoting PKCS#11. Not all the various
types of remoting are implemented yet, but the basic logic is in place.

These changes occurred over the course of the 0.21.x series, and 0.22.x
releases will have minor bug fixes and stabilization.

What's new in 0.22.x

 * Add 'remote' option to run a PKCS#11 module in another process or
   on another machine.
 * Install a new public pkcs11x.h header containing extensions
 * Use secure_getenv() where necessary
 * Use term 'attached extensions rather than 'stapled extensions'
 * Show public-key-info in 'trust list --details'
 * Fix racy and deadlock prone use of pthread_atfork()
 * Lots of build fixes

Many thanks to everyone who contributed with review, patches and testing :)

Detailed changes between 0.20.x and 0.22.0

Baruch Siach (1):
      Fix build against older pthreads implementations

Michael Cronenworth (3):
      trust: Fix token test when building with MinGW
      p11-kit: Fix tests when building with MinGW
      common: Move unistd include to define getopt and friends

Roman Bogorodskiy (2):
      Fix build without debug
      configure: Check for pthread_create() in pthread library

Stef Walter (55):
      rpc: Implement PKCS#11 messages/client/server code
      Add compatibility fdwalk() function
      test: Move some file and directory code into general test stuff
      modules: Make config file and module configs overridable by tests
      mock: Minor testing tweaks to mock testing
      rpc: Implement execution of another tool to transport PKCS#11 RPC
      p11-kit: Add 'p11-kit remote' command for isolating modules
      p11-kit: Cleanup and add documentation for 'remote' option
      p11-kit: Add a new 'isolate' pkcs11 config option
      p11-kit: Don't complain about C_Finalize called in wrong process
      p11-kit: Tweak last commit, handle the not-forked case
      common: Don't do repeated linear reallocation of array memory
      po: Add new translations: oc
      Release version 0.21.1
      common: Allow specifying which tests to run on command line
      trust: Parse TRUSTED CERTIFICATE openssl format even without CertA
      trust: Fix use of invalid memory in PEM parser Add subdir-objects to satisfy newer automakes
      p11-kit: Fix bad check of asprintf() return value
      p11-kit: Fix integer overflow in memset() argument
      trust: Remove dead while condition in anchor commond
      trust: Fix use after free and double free in extract command
      trust: Fix leak in trust list command
      trust: Fix unlikely use of uninitialized memory in token loading
      trust: Fix leak in token loading error path
      Fix mostly erroneous scanner warnings in tests
      common: Quiet down clang scanner with assertions
      Quiten down scanner warnings about unused variables
      p11-kit: Remove use after free in debug output code path
      trust: Double check that index bucket is valid before access
      trust: Print label of certificate when complaining about basic con
      trust: Don't use invalid public keys for looking up stapled extens
      Ignore clang scanner litter
      p11-kit: Fix various noise/issues highlighted by clang
      doc: Fix missing tag in p11-kit-sharing.xml
      Fix 'make upload-release' target
      common: Fix regression introduced by last commit
      Move to non-recursive Makefile for building bins and libs
      trust: Produce a proper message for an invalid stapled extension
      Release version 0.21.2
      trust: Show public-key-info in 'trust list --details'
      p11-kit: Make proxy module respect critical = no
      p11-kit: Compilation fixes for previous commit
      common: Add support for multiple field names (ie: nicks) per cons
      common: Change the CKA_X_PUBLIC_KEY_INFO constant to CKA_PUBLIC_KE
      common: New public pkcs11x.h header containing extensions
      trust: Use term 'attached extensions' instead of 'stapled'
      Release version 2.21.3
      p11-kit: Remove the 'isolated' option for now
      common: In tests preserve parent environment for children
      common: Use secure_getenv() implementation when setuid
      p11-kit: P11_KIT_PRIVATEDIR env var overrides private binary dir
      remote: Run separate executable binary for 'p11-kit remote'
      p11-kit: Use pthread_atfork() in a safe manner
      Release version 0.22.0




More information about the p11-glue mailing list