# Generate automatically. Do not edit.

commit 3770793f026e46a000d2d8816d56122598289d5c
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-28

    Release 0.23.14

 NEWS         | 6 ++++++
 configure.ac | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

commit c1b565413dae632a4ab78cea08ed103d9418921b
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-22

    virtual: Tighten error handling when fixed closures are exhausted

 p11-kit/virtual.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

commit 347a8793d23036433ab0ba39049f0e832bb05b3d
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-22

    virtual: Don't be too loud about recoverable failure

 p11-kit/virtual.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

commit 9a7892ef3fd9d4bd70df41fb0200782dc6134c70
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-24

    trust: Factor out module initialization into separate file
    
    This prevents double call to p11_library_init() in test-module.c, once
    from the ELF constructor, and secondly from the test itself.

 trust/Makefile.am   |  2 +-
 trust/module-init.c | 43 ++++++++++++++++++++++++++++++++++++++++++
 trust/module.c      | 54 -----------------------------------------------------
 3 files changed, 44 insertions(+), 55 deletions(-)

commit 0d7fbd5189ba1414d84326ddc8e4cff98f66a44b
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-27

    common: Factor out common initializer code into a header

 common/Makefile.am    |  1 +
 common/init.h         | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++
 p11-kit/client-init.c | 60 +++-----------------------------
 p11-kit/proxy-init.c  | 59 +++-----------------------------
 4 files changed, 103 insertions(+), 111 deletions(-)

commit 0961cf527f1414bf5a900d958ee776cdd28f3525
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-24

    travis: Manually install cpp-coveralls
    
    To accommodate the gcov format change in gcc 8.1:
    https://github.com/eddyxu/cpp-coveralls/pull/127
    which is not yet available in the pip version.

 .travis/linux/after_success.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

commit 2066e7c57a7ae82e35fee3deaa06d89498d749a3
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-23

    travis: Check valgrind exit code more strictly

 .travis/linux/script.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 7a844d8e8c1c87401b161094023cf309ca111095
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-21

    README.md: Add CII Best Practices badge

 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit f2a17c5e1dbc75a0142c6330bab588deb0060151
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-21

    README.md: Mention contact method for security issues

 README.md | 5 +++++
 1 file changed, 5 insertions(+)

commit b9ef1c5f4dbdfbab504479fdc899e344ff7bb44a
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-17

    Revert "build: Explicitly link threaded test programs to libpthread"
    
    This reverts commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0.

 configure.ac        | 10 ----------
 p11-kit/Makefile.am |  8 ++++----
 2 files changed, 4 insertions(+), 14 deletions(-)

commit 35b39cb2bf6d50a117a9e4c8e18100d19716ea71
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-17

    Revert "build: Stop linking the library with libpthread when possible"
    
    This reverts commit 50f8906e63c9413a7687bab6608496d83c29a222.

 configure.ac | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

commit 56f3b9370747a7a33a9d56ff9365c89700dd0e67
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-17

    Revert "common: Prefer __register_atfork() to pthread_atfork() if possible"
    
    This reverts commit ce3cec7f8742254b8627b9db48973b81e91cbfc8.

 common/library.c | 19 +------------------
 configure.ac     |  2 --
 2 files changed, 1 insertion(+), 20 deletions(-)

commit a877b0eca3d59f7f8cd126047c0e899df6018858
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-17

    Revert "build: Link to libpthread, if pthread_atfork() needs to be used"
    
    This reverts commit 541d79cb651cfd3238b9aa41fce70208df8e9496.

 NEWS             |  2 +-
 common/library.c | 10 ++++------
 configure.ac     |  7 +------
 3 files changed, 6 insertions(+), 13 deletions(-)

commit f69746d140cec20516c223825523fb0ade53384a
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date:   2018-08-14

    Update pkcs11 header to allow SoftHSMv2 to compile
    
    Replace vendor-specific values with the IDs from PKCS11 v3.0 for those
    constants that were already standardized.

 common/pkcs11.h | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 220 insertions(+), 18 deletions(-)

commit abc542bd5abf46c5170f8a0c3dcc62eff0c9cfde
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-13

    travis: Check that proxy module can be loaded and unloaded

 .travis/linux/before_install.sh | 2 +-
 .travis/linux/script.sh         | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

commit 34416ed787d804e0d293e47f2d10dc62ddea407c
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-13

    proxy: Avoid invalid memory access when unloading proxy module
    
    When loading and unloading p11-kit-proxy.so with pkcs11-tool, it
    accesses already free'd memory area:
    
    $ valgrind pkcs11-tool --module p11-kit-proxy.so -L
    ==25173== Invalid read of size 8
    ==25173==    at 0x64BF493: p11_proxy_module_cleanup (proxy.c:1724)
    ==25173==    by 0x64BD028: _p11_kit_fini (proxy-init.c:65)
    ==25173==    by 0x401477C: _dl_close_worker (in /usr/lib64/ld-2.27.so)
    ==25173==    by 0x4014E1D: _dl_close (in /usr/lib64/ld-2.27.so)
    ==25173==    by 0x5E08C4E: _dl_catch_exception (in /usr/lib64/libc-2.27.so)
    ==25173==    by 0x5E08CDE: _dl_catch_error (in /usr/lib64/libc-2.27.so)
    ==25173==    by 0x58B1724: _dlerror_run (in /usr/lib64/libdl-2.27.so)
    ==25173==    by 0x58B1113: dlclose (in /usr/lib64/libdl-2.27.so)
    ==25173==    by 0x11E5A7: ??? (in /usr/bin/pkcs11-tool)
    ==25173==    by 0x110023: ??? (in /usr/bin/pkcs11-tool)
    ==25173==    by 0x5CF624A: (below main) (in /usr/lib64/libc-2.27.so)
    ==25173==  Address 0x61231c8 is 552 bytes inside a block of size 584 free'd
    ==25173==    at 0x4C2FDAC: free (vg_replace_malloc.c:530)
    ==25173==    by 0x6548492: p11_virtual_unwrap (virtual.c:2902)
    ==25173==    by 0x64BF492: p11_proxy_module_cleanup (proxy.c:1723)

 p11-kit/proxy.c | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

commit 541d79cb651cfd3238b9aa41fce70208df8e9496
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-10

    build: Link to libpthread, if pthread_atfork() needs to be used
    
    On non-glibc systems (e.g., FreeBSD), pthread_atfork() stub is
    provided as a nop and our fork detection mechanism doesn't work.  Pull
    in the actual implementation from libpthread in that case.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

 NEWS             |  2 +-
 common/library.c | 10 ++++++----
 configure.ac     |  7 ++++++-
 3 files changed, 13 insertions(+), 6 deletions(-)

commit 6a8da20c0432499480731548256294844cade631
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-10

    build: Don't install systemd unit files when "make distcheck"

 Makefile.am | 1 +
 1 file changed, 1 insertion(+)

commit ef001069d069df43de029f3b84206676badd8a4e
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-10

    Release 0.23.13

 NEWS         | 7 +++++++
 configure.ac | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

commit ce3cec7f8742254b8627b9db48973b81e91cbfc8
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-09

    common: Prefer __register_atfork() to pthread_atfork() if possible

 common/library.c | 19 ++++++++++++++++++-
 configure.ac     |  2 ++
 2 files changed, 20 insertions(+), 1 deletion(-)

commit 50f8906e63c9413a7687bab6608496d83c29a222
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-07-13

    build: Stop linking the library with libpthread when possible

 configure.ac | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

commit ebfd7da82d7b9eea81067479861aac2d2c07cc29
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-07-20

    common: Use thread-local storage class when possible
    
    This eliminates the unconditional use of pthread_{get,set}specific()
    and pthread_key_{create,delete}(), which glibc doesn't provide the stubs.

 common/library.c | 22 ++++++++++++++++++++++
 configure.ac     | 12 ++++++++++++
 2 files changed, 34 insertions(+)

commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-07-20

    build: Explicitly link threaded test programs to libpthread
    
    Some test programs use pthread_create(), which glibc doesn't provide
    the stub.  Link those programs with -lpthread.

 configure.ac        | 10 ++++++++++
 p11-kit/Makefile.am |  8 ++++----
 2 files changed, 14 insertions(+), 4 deletions(-)

commit f04c2a84ad2a017a778fa2f23719318acb9ca89f
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-07-20

    common, p11-kit, trust: Use pthread_once only when necessary
    
    If the ELF constructor is usable, we don't really need the once-init
    function because it is guaranteed that the code runs only once in the
    constructor.

 common/library.c      |  4 +++-
 common/library.h      | 10 ++++++++++
 p11-kit/client-init.c |  2 +-
 p11-kit/proxy-init.c  |  2 +-
 trust/module.c        |  2 +-
 5 files changed, 16 insertions(+), 4 deletions(-)

commit 5b18e77e9dbb6a598812427ba07ad6df63eb7a67
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-07-20

    common: Use static mutex initializer when possible
    
    This eliminates the use of pthread_mutexattr_* functions, which glibc
    doesn't provide the stubs.

 common/compat.c  |  4 +++-
 common/compat.h  | 18 +++++++++++++++++-
 common/library.c | 14 ++++++++++----
 3 files changed, 30 insertions(+), 6 deletions(-)

commit 22cb49b9105657cafb98624be37f05b169f73dd6
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-08-01

    server: Avoid FD leak in error cases
    
    Spotted by coverity.

 p11-kit/server.c | 3 +++
 1 file changed, 3 insertions(+)

commit 19aaf573580e52265f57f9b7af7a03bfdfaf71e0
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-07-19

    trust: Clarify C_Login behavior that returns an error

 trust/module.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

commit ab27346ceb5d4e856671a033ac1f6521c86514a1
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-07-10

    proxy: Fail early if there is no slot mappings

 p11-kit/proxy.c      |  2 ++
 p11-kit/test-proxy.c | 42 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)

commit fb5742cdecfde1c13d9ce610cdec050792cc57ca
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-07-09

    travis: Install pip for coveralls

 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit b6d20ac16da7128089031248eed4afe08f6934d3
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-06-27

    rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules
    
    This patch removes the restriction of p11_kit_remote_serve_tokens()
    that were not capable of serving tokens across multiple modules.

 p11-kit/Makefile.am   |   5 +-
 p11-kit/remote.h      |   2 +-
 p11-kit/rpc-server.c  | 209 ++++++++++++++++++++++++++++++++++----------------
 p11-kit/test-server.c |  83 +++++++++++++++-----
 4 files changed, 210 insertions(+), 89 deletions(-)

commit 9d2ce267e6714c6a565a9ded3aa0001918d1ae1d
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-06-27

    build: Use separate p11-kit-{remote,server} executable for testing
    
    Otherwise, the p11-kit-remote program called from p11-kit-server would
    load the system modules instead of the local fixtures.

 .gitignore            |  2 ++
 p11-kit/Makefile.am   | 26 ++++++++++++++++++++++++++
 p11-kit/server.c      |  2 +-
 p11-kit/test-server.c |  4 ++--
 4 files changed, 31 insertions(+), 3 deletions(-)

commit 8d8bff0a2edf4659b641dde1333eb6a7c695671c
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-06-25

    proxy: Allow proxy to be created from the library
    
    Previously, to aggregate multiple modules into one, there was no other
    way than loading the proxy module.  From the p11-kit applications,
    however, it is not possible to load that module because of the
    recursive loading check (p11_proxy_module_check).
    
    This patch adds another means to aggregate modules, through a library
    function p11_proxy_module_create.

 p11-kit/proxy.c | 40 +++++++++++++++++++++++++++++++++++++++-
 p11-kit/proxy.h |  3 +++
 2 files changed, 42 insertions(+), 1 deletion(-)

commit a65696b3e79acb602bd0c000f8524d3cc8998187
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-06-25

    proxy: Turn global variables module local

 p11-kit/proxy.c | 35 ++++++++++++++---------------------
 1 file changed, 14 insertions(+), 21 deletions(-)

commit c53888a802eed4baa4aff54060334d2fdbfc7648
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-07-13

    build: Make reallocarray detection robuster
    
    On NetBSD, reallocarray is not declared until _OPENBSD_SOURCE is
    defined.  Reported by Patrick Welche in:
    https://lists.freedesktop.org/archives/p11-glue/2018-July/000691.html

 common/compat.h | 2 +-
 configure.ac    | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

commit 53a7e915b2694bc1957d98493a7aee9abfa3c6c5
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-06-20

    server: Enable socket activation through systemd
    
    This enables socket activation of "p11-kit server" through systemd.
    The feature provided is essentially the same as commit
    a4fb2bb5 (reverted), but implemented with "p11-kit server" and
    libsystemd API instead of wrapping "p11-kit remote" in the unit file.
    
    Note that, while it exposes all tokens through the socket, it doesn't
    increase attack surface beyond the PKCS#11 binary interface provided
    by p11-kit-proxy.so, because the service is per-user.

 .gitignore                        |  2 +-
 configure.ac                      | 23 +++++++++++++++++++++++
 p11-kit/Makefile.am               | 22 ++++++++++++++++++++++
 p11-kit/p11-kit-server.service.in | 15 +++++++++++++++
 p11-kit/p11-kit-server.socket     | 11 +++++++++++
 p11-kit/server.c                  | 33 ++++++++++++++++++++++++---------
 6 files changed, 96 insertions(+), 10 deletions(-)

commit d4a4039f97b2e1f67d09d7cd8c05fb2dd129b23c
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-31

    build: Ease issetugid() check when cross-compiling
    
    When cross-compiling, the configure check for issetugid() aborts,
    because of the pessimistic default of AC_RUN_IFELSE.  This patch
    provides the non-pessimistic default to AC_RUN_IFELSE and wrap the
    macro invocation with AC_CACHE_CHECK so that the user can override the
    check by setting ac_cv_issetugid_openbsd=yes, as suggested in:
    https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/html_node/Runtime.html#Runtime

 configure.ac | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

commit 3dd5810143e51dabdc58069e55b09a950349fa08
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-28

    Release 0.23.12

 NEWS         | 5 +++++
 configure.ac | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

commit f696eddecaa1f1cd1687ab5dbb942128aaca1903
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-29

    travis: Add build scripts for macOS

 .travis.yml                   | 1 +
 .travis/osx/after_failure.sh  | 3 +++
 .travis/osx/before_install.sh | 5 +++++
 .travis/osx/script.sh         | 6 ++++++
 4 files changed, 15 insertions(+)

commit a21898570d3e713155f0d8048bc6350f069f58ff
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-29

    travis: Use matrix

 .travis.yml                     | 84 +++++++++++++++++++++--------------------
 .travis/linux/after_failure.sh  |  3 ++
 .travis/linux/after_success.sh  |  9 +++++
 .travis/linux/before_install.sh |  9 +++++
 .travis/linux/install.sh        | 14 +++++++
 .travis/linux/script.sh         | 11 ++++++
 6 files changed, 90 insertions(+), 40 deletions(-)

commit 35637892e517d0e8e08dbe214f638317499ea0f5
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-29

    test: Avoid unnecessary memory allocation

 common/test-runtime.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

commit ccb0c207964189742e97acfd817fb3c6b99e5865
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-29

    common: Fix runtime directory detection when given prefix is long

 common/runtime.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

commit 71b62aa1cdbdec3724c8e451f621309994dc59a0
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-29

    common: Don't rely on issetugid() when it is broken
    
    On macOS and FreeBSD, issetugid() has different semantics from the
    original OpenBSD implementation and cannot reliably detect if the
    process made setuid/setgid:
    https://gist.github.com/nicowilliams/4daf74a3a0c86848d3cbd9d0cdb5e26e
    
    This should fix:
    https://bugs.freedesktop.org/show_bug.cgi?id=67451
    https://bugs.freedesktop.org/show_bug.cgi?id=100287

 common/compat.c |  2 +-
 configure.ac    | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

commit 79f928492dba6a46c63e77d6b22c17c23e66403b
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-28

    build: Don't use locale funcs if locale_t is not defined in locale.h
    
    On macOS, locale_t is not defined in <locale.h>.  Although it is
    defined in <xlocale.h>, we rather not use locales at all for POSIX
    compliance.

 common/compat.h       |  6 ++++++
 common/debug.c        |  4 ++--
 common/library.c      |  6 +++---
 common/message.c      |  4 ++--
 common/test-message.c |  6 +++---
 configure.ac          | 11 ++++++++---
 6 files changed, 24 insertions(+), 13 deletions(-)

commit cd0a2de679a81829b7323bc5db46222b9eaab1d9
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-28

    pkcs11: Exercise GNU calling convention at compile time

 .gitignore          |  1 +
 p11-kit/Makefile.am | 32 ++++++++++++++++++++++++++++++++
 p11-kit/iter.h      | 10 ++++++++++
 p11-kit/uri.h       |  4 ++++
 4 files changed, 47 insertions(+)

commit e4c5d3b34941bdc433072a492a0a7fdbddba0cc2
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-25

    build: Simplify README inclusion
    
    Use symlink in the repository, instead of copying.

 .gitignore  | 1 -
 Makefile.am | 7 +------
 README      | 1 +
 3 files changed, 2 insertions(+), 7 deletions(-)

commit 65dd5469ad164465583167c63114478587db59fd
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-24

    NEWS: Mention latest changes

 NEWS | 2 ++
 1 file changed, 2 insertions(+)

commit 8b90031aeb495116a87851dca50845b8df0d1e90
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-25

    build: Delay building mock-six.la until "make check"

 p11-kit/Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 8df105871eb5f6bca3e5f4dcf165f2bbf920f106
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-24

    build: Include README in the distribution
    
    As we removed README from the repository, it is no longer
    automatically picked up for the distribution by Automake.

 Makefile.am | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

commit 275eed62b5d0e17c092b66af233ffc5b2f45245b
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-24

    build: Fix ChangeLog generation

 Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit bf204ada4685415287b3d03b3d79634c86739b83
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-24

    build: Remove obsolete upload rules

 Makefile.am | 15 ---------------
 1 file changed, 15 deletions(-)

commit e2002df5707dd306cea0684706361be72891231b
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-24

    build: Include p11-kit/test-messages.sh in distribution

 p11-kit/Makefile.am | 1 +
 1 file changed, 1 insertion(+)

commit 258da75cd606a3653bc414a6ace01c8bfdfabca6
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-24

    uri: Make scheme comparison case-insensitive
    
    RFC 3986 suggests that implementations should accept uppercase letters
    as equivalent to lowercase in scheme names.

 p11-kit/test-uri.c | 21 +++++++++++++++++++++
 p11-kit/uri.c      | 12 +++++++++---
 2 files changed, 30 insertions(+), 3 deletions(-)

commit 117b35db99af4331daad4279eadfb9280e0c1325
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-24

    common: Make case conversion locale independent
    
    The tolower()/toupper() functions take into account of the current
    locale settings, which p11-kit doesn't want.  Add replacement
    functions that work as if they are called under the C locale.

 common/compat.c         | 16 ++++++++++++++++
 common/compat.h         |  3 +++
 common/mock.c           |  4 ++--
 common/url.c            |  4 ++--
 trust/extract-jks.c     |  2 +-
 trust/extract-openssl.c |  2 +-
 6 files changed, 25 insertions(+), 6 deletions(-)

commit e42dcf5283a5537c196147c9a2468ee537b9da7b
Author: Nathaniel McCallum <npmccallum@redhat.com>
Date:   2018-05-14

    Improve const correctness for P11KitUri
    
    This does not improve const for the getters. The reason for this is that
    they are usually passed into the PKCS#11 APIs directly and these APIs
    are not const correct. Trying to force const correctnesss here would
    result in pain for library consumers.
    
    This is an API and ABI compatible change.

 p11-kit/private.h | 12 ++++++------
 p11-kit/uri.c     | 34 +++++++++++++++++-----------------
 p11-kit/uri.h     | 36 ++++++++++++++++++------------------
 3 files changed, 41 insertions(+), 41 deletions(-)

commit 6af8234936f805a9c6dceb29a84e73d40ed4b257
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   2018-05-18

    README: replace by README.md
    
    That is, use README.md as primary source to generate README as
    README is required by the GNU guidelines. We don't try to convert
    to "real" plain text as markdown is readable, and to avoid introducing
    another dependency (e.g., pandoc).
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

 .gitignore  | 1 +
 Makefile.am | 1 +
 README      | 8 --------
 3 files changed, 2 insertions(+), 8 deletions(-)

commit 58c3eb9acf5885069652f1b02edb7aca01580b96
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   2018-05-18

    NEWS: mark the 0.23 series as stable
    
    Resolves #80
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

 NEWS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 14610d49c4e6c68022be63df1481f74ccb0aa75a
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   2018-05-18

    README.md: added reference to Daiki's key
    
    Resolves #153
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

 README.md | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

commit f272dd4a1c68125c8f696b1e0eebb15c45c6923a
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-07

    Release 0.23.11

 NEWS         | 8 ++++++++
 configure.ac | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

commit 5f68c96da949b08e2afd109d276d80e42cab68b7
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-07

    common: Pacify clang-analyzer

 common/buffer.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

commit 98fbfc3b6126c809eb44c700871facca6ac7727d
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-07

    trust: Avoid array overflow

 trust/builder.c         | 4 ++--
 trust/extract-openssl.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

commit 34ab20cbf79ca50972bf3088c8b6e9978ff0dc2b
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-07

    trust: Don't null terminate PKCS #11 string fields

 trust/module.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

commit ba006ed40cad2e0d1fe3c3355c18bdfb612c2cd6
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-07

    proxy: Don't null terminate PKCS #11 string fields

 p11-kit/proxy.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

commit 1b85c62af8146efa0e648a297179db2bbfe59b43
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-05-03

    test: Avoid exceeding maximum pathname length of Unix socket

 p11-kit/test-server.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

commit a625dfa4f2456b1a866489e5be15fb46578237a5
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-04-27

    library: Use dedicated locale object for printing error

 common/debug.c        | 14 +++++++-------
 common/library.c      | 13 +++++++++++++
 common/message.c      | 14 +++++++-------
 common/test-message.c | 15 +++++++++++++++
 configure.ac          |  2 +-
 5 files changed, 43 insertions(+), 15 deletions(-)

commit 6202903b261dfae740af3f8e985244bab48470ba
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-04-27

    Revert "build: Check strerror_l() and uselocale() seperately"
    
    This reverts commit 173ad93cc54057886b2055f3d73ea64a047127d1.
    
    We should rather use newlocale() when per-thread locale is not set.
    Otherwise uselocale() could return LC_GLOBAL_LOCALE on some
    platforms (e.g. musl-libc) and calling strerror_l() with it leads to
    an undefined behavior.

 common/debug.c   | 9 ++-------
 common/message.c | 9 ++-------
 configure.ac     | 2 +-
 3 files changed, 5 insertions(+), 15 deletions(-)

commit 173ad93cc54057886b2055f3d73ea64a047127d1
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-04-19

    build: Check strerror_l() and uselocale() seperately
    
    NetBSD deliberately doesn't support per-thread locale and our
    thread-safe replacement of strerror() using strerror_l() cannot be
    used.  Fallback to strerror_r() in that case.

 common/debug.c   | 9 +++++++--
 common/message.c | 9 +++++++--
 configure.ac     | 2 +-
 3 files changed, 15 insertions(+), 5 deletions(-)

commit a95c7a3e936896349bf925ca7cd47f0a03166249
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-04-10

    travis: Optimize dnf install invocation

 .travis.yml | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

commit e4b86e449a83428592e45db28834be950e837d74
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-04-10

    test: Add installcheck script to test trust module
    
    Currently it only checks that "disable-in: p11-kit-proxy" properly
    prevents the trust module being loaded by the proxy module.

 trust/Makefile.am   |  4 +++-
 trust/test-trust.sh | 21 +++++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)

commit 5d97643884879d4967d21cb29c9917271a4b65db
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-04-10

    trust: Prevent trust module being loaded by proxy module
    
    Otherwise, when the proxy module were registerd in NSS database, the
    trust module would be loaded twice and degrade search performance.

 trust/p11-kit-trust.module | 3 +++
 1 file changed, 3 insertions(+)

commit af71f7961370714112f258c0e404d96bdef9cee9
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-04-10

    travis: Run "make installcheck"

 .travis.yml | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

commit cbef7f5d8a14d46ecdf0c25c3d38d26598a66f8c
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-04-10

    trust: Fix memleak in p11_enumerate_opt_filter
    
    p11_kit_iter_add_filter() takes the ownership of given attributes.
    Spotted by address sanitizer.

 trust/enumerate.c | 1 +
 1 file changed, 1 insertion(+)

commit e4a5466e5e3cfe22344e79c6e1a0ad9a7945a602
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-04-10

    test: Factor out common harness from test-extract.in

 .gitignore                                 |   2 +-
 configure.ac                               |   2 +-
 trust/Makefile.am                          |   7 +-
 trust/{test-extract.in => test-extract.sh} |  92 +------------------------
 trust/test-init.sh.in                      | 106 +++++++++++++++++++++++++++++
 5 files changed, 114 insertions(+), 95 deletions(-)

commit dcb6ee3fa89e0c9586e2b09e1f60aa076f263123
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-03-31

    test: Add test for JKS extractor
    
    Piggybacking commit de963b96, this adds a multi-cert test case for the
    Java keystore extractor.

 trust/Makefile.am           |   5 ++
 trust/extract-jks.c         |   7 +-
 trust/fixtures/multiple.jks | Bin 0 -> 2556 bytes
 trust/test-jks.c            | 213 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 224 insertions(+), 1 deletion(-)

commit af6ab322b1ad9a4f4a0117a79bd566550ec0a0a8
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-04-05

    test: Add test for p11_attrs_purge()

 common/test-attrs.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

commit 843fca9b67b7407a47bcae698f434c975a4a4e91
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-04-05

    mock-module-ep: Properly override C_GetFunctionList

 p11-kit/mock-module-ep.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit a6d0e490209638605b17b0bdc66ad03d36909dae
Author: Daiki Ueno <dueno@redhat.com>
Date:   2018-04-05

    modules: Add option to control module visibility from proxy
    
    This enables to control whether a module will be loaded from the proxy
    module.  The configuration reuses the "enable-in" and "disable-in"
    options, with a special literal "p11-kit-proxy" as the value.

 doc/manual/pkcs11.conf.xml |  2 ++
 p11-kit/modules.c          | 35 ++++++++++++++-----
 p11-kit/p11-kit.h          |  1 +
 p11-kit/private.h          |  5 +++
 p11-kit/proxy.c            |  2 +-
 p11-kit/test-proxy.c       | 83 ++++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 118 insertions(+), 10 deletions(-)

commit de963b96929b9da61916a0c43b4ac4c34a39e238
Author: Laszlo Ersek <lersek@redhat.com>
Date:   2018-03-29

    trust: add unit test for the "edk2-cacerts" extractor
    
    Add a multi-cert test case for the edk2 extractor, heavily based on the
    "/openssl/test_file_multiple" test case.
    
    Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
    Signed-off-by: Laszlo Ersek <lersek@redhat.com>

 trust/Makefile.am            |   5 ++
 trust/fixtures/multiple.edk2 | Bin 0 -> 2549 bytes
 trust/test-edk2.c            | 209 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 214 insertions(+)

commit ee27f9153a14d0c6d75f8745a8c1879a6e4bb2e8
Author: Laszlo Ersek <lersek@redhat.com>
Date:   2018-03-27

    trust: implement the "edk2-cacerts" extractor
    
    Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST
    format that is
    
    - defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object
      per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID),
    
    - and expected by edk2's HttpDxe when it configures the certificate list
      for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the
      TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c").
    
    The intended command line is
    
      p11-kit extract \
        --format=edk2-cacerts \
        --filter=ca-anchors \
        --overwrite \
        --purpose=server-auth \
        $DEST/edk2/cacerts.bin
    
    Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
    Signed-off-by: Laszlo Ersek <lersek@redhat.com>

 trust/extract-edk2.c | 169 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 168 insertions(+), 1 deletion(-)

commit 59054e4f9fe3e95f8db881973901ab59a0b1ef8a
Author: Laszlo Ersek <lersek@redhat.com>
Date:   2018-03-27

    trust: introduce the "edk2-cacerts" extractor skeleton
    
    Introduce the p11_extract_edk2_cacerts() skeleton. At the moment it always
    fails, silently.
