AArch64 | |
ppc64le | |
s390x | |
x86-64 |
- 0001-common-Use-reallocarray-instead-of-realloc-as-approp.patch 0001-Check-for-arithmetic-overflows-before-allocating.patch 0001-Follow-up-to-arithmetic-overflow-fix.patch: Fixed multiple integer overflows in rpc code (bsc#1180064 CVE-2020-29361)
- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993, 0001-trust-Support-CKA_NSS_-SERVER-EMAIL-_DISTRUST_AFTER.patch) - add bcond to spec file to enable debug easily
- new version 0.19.4 * 'trust anchor' now adds/removes certificate anchors * 'trust list' lists trust policy stuff * 'p11-kit extract' is now 'trust extract' * 'p11-kit extract-trust' is now 'trust extract-compat' * Workarounds for working on broken zfsonlinux.org [#68525] * Add --with-module-config parameter to the configure script [#68122] * Add support for removing stored PKCS#11 objects in trust module
- new version 0.19.3 * Fix up problems with automake testing * Fix a bunch of memory leaks in newly refactored code * Don't use _GNU_SOURCE and the unportability it brings * Add basic 'trust anchor' command to store a new anchor * Support for writing out trust token objects * Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec * Add option to use freebl for hashing * Implement reloading of token data * Fix warnings and possible minor bugs higlighted by code scanners * Don't load configs in home directories when running setuid or setgid * Support treating ~/.config as $XDG_CONFIG_HOME * Use $XDG_DATA_HOME/pkcs11 as default user config directory * Use $TMPDIR instead of $TEMP while testing * Open files and fds with O_CLOEXEC * Abort initialization if a critical module fails to load * Don't use thread-unsafe functions: strerror, getpwuid * Fix p11_kit_space_strlen() result when empty string * Refactoring of where various components live
- fix 32bit provides of libnssckbi.so - repace p11-kit-extract-trust with update-ca-certificates
- provide libnssckbi.so to replace mozilla-nss-certs
- add p11-kit-nss-trust subpackage that serves as drop-in replacement for mozilla-nss-certs
- use /etc/pki/trust and /usr/share/pki/trust as system CA certificate store
- CVE-2020-29362: Fixed a 4 byte overread (bsc#1180065) Added p11-kit-CVE-2020-29362.patch: