Changes since pam-p11-0.1.5 from the NEWS file:
New in 0.3.1; 2019-09-11; Frank Morgner
* CVE-2019-16058: Fixed buffer overflow when creating signatures longer than 256
bytes
New in 0.3.0; 2019-04-24; Frank Morgner
* Add Italian translation
* Add support for matching the PIN-input with a regular expression
* Add support for macOS
* Add support for building with OpenSSL 1.1.1
* Add support for nistp256/384/521 keys in authorized_keys file
New in 0.2.0; 2018-05-16; Frank Morgner
* Add user documentation in Readme.md
* Add support for PIN pad readers
* Add support for changing/unblocking PIN (use with passwd)
* Add support for localized user feedback
* Add support for cards without certificates (e.g. OpenPGP card)
* Add support for PKCS#11 modules with multiple slots
* Add support for building with OpenSSL 1.1
* Merged opensc and openssh module into pam_p11.so
* Fixed memory leaks, coverity issues, compiler warnings
* Created `test-passwd` and `test-login` for testing standard use cases
New in 0.1.6; 2017-03-06; Alon Bar-Lev
* Build system rewritten (NOTICE: configure options were modified).
Changes since libp11-0.2.8 from the NEWS file:
New in 0.4.4; 2017-01-26; Michal Trojnara
* Fixed a state reset caused by re-login on LOAD_CERT_CTRL engine ctrl;
fixes #141 (Michal Trojnara)
* "?" and "&" allowed as URI separators; fixes #142 (Michal Trojnara)
* engine: Unified private/public key and certificate enumeration
to be performed without login if possible (Michal Trojnara)
New in 0.4.3; 2016-12-04; Michal Trojnara
* Use UI to get CKU_CONTEXT_SPECIFIC PINs (Michal Trojnara)
* Added graceful handling of alien (non-PKCS#11) keys (Michal Trojnara)
* Added symbol versioning (Nikos Mavrogiannopoulos)
* Soname tied with the OpenSSL soname (Nikos Mavrogiannopoulos)
* Added MSYS2, Cygwin, and MinGW/MSYS support (Pawel Witas)
* Workaround implemented for a deadlock in PKCS#11 modules that
internally use OpenSSL engines (Michal Trojnara, Pawel Witas)
* Fixed an EVP_PKEY reference count leak (David Woodhouse)
* Fixed OpenSSL 1.1.x crash in public RSA methods (Doug Engert,
Michal Trojnara)
* Fixed OpenSSL 1.1.x builds (Nikos Mavrogiannopoulos, Michal Trojnara)
* Fixed retrieving PIN values from certificate URIs (Andrei Korikov)
* Fixed symlink installation (Alon Bar-Lev)
New in 0.4.2; 2016-09-25; Michal Trojnara
* Fixed a 0.4.0 regression bug causing the engine finish function to
remove any configured engine parameters; fixes #104 (Michal Trojnara)
New in 0.4.1; 2016-09-17; Michal Trojnara
* Use enginesdir provided by libcrypto.pc if available (David Woodhouse)
* Certificate cache destroyed on login/logout (David Woodhouse)
* Fixed accessing certificates marked as CKA_PRIVATE (David Woodhouse)
* Directly included libp11 code into the engine (Matt Hauck)
* Fixed handling simultaneous make jobs (Derek Straka)
* Reverted an old hack that broke engine initialization (Michal Trojnara)
* Fixed loading of multiple keys due to unneeded re-logging (Matt Hauck)
* Makefile fixes and improvements (Nikos Mavrogiannopoulos)
* Fixed several certificate selection bugs (Michal Trojnara)
* The signed message digest is truncated if it is too long for the
signing curve (David von Oheimb)
* Workaround for broken PKCS#11 modules not returning CKA_EC_POINT
in the ASN1_OCTET_STRING format (Michal Trojnara)
* OpenSSL 1.1.0 build fixes (Michal Trojnara)
New in 0.4.0; 2016-03-28; Michal Trojnara
* Merged engine_pkcs11 (Michal Trojnara)
* Added ECDSA support for OpenSSL < 1.0.2 (Michal Trojnara)
* Added ECDH key derivation support (Doug Engert and Michal Trojnara)
* Added support for RSA_NO_PADDING RSA private key decryption, used
by OpenSSL for various features including OAEP (Michal Trojnara)
* Added support for the ANSI X9.31 (RSA_X931_PADDING) RSA padding
(Michal Trojnara)
* Added support for RSA encryption (not only signing) (Michal Trojnara)
* Added CKA_ALWAYS_AUTHENTICATE support (Michal Trojnara)
* Fixed double locking the global engine lock (Michal Trojnara)
* Fixed incorrect errors reported on signing/encryption/decryption
(Michal Trojnara)
* Fixed deadlocks in keys and certificates listing (Brian Hinz)
* Use PKCS11_MODULE_PATH environment variable (Doug Engert)
* Added support for building against OpenSSL 1.1.0-dev (Doug Engert)
* Returned EVP_PKEY objects are no longer "const" (Michal Trojnara)
* Fixed building against OpenSSL 0.9.8 (Michal Trojnara)
* Removed support for OpenSSL 0.9.7 (Michal Trojnara)
New in 0.3.1; 2016-01-22; Michal Trojnara
* Added PKCS11_is_logged_in to the API (Mikhail Denisenko)
* Added PKCS11_enumerate_public_keys to the API (Michal Trojnara)
* Fixed EVP_PKEY handling of public keys (Michal Trojnara)
* Added thread safety based on OpenSSL dynamic locks (Michal Trojnara)
* A private index is allocated for ex_data access (RSA and ECDSA classes)
instead of using the reserved index zero (app_data) (Michal Trojnara)
* Fixes in reinitialization after fork; addresses #39
(Michal Trojnara)
* Improved searching for dlopen() (Christoph Moench-Tegeder)
* MSVC build fixes (Michal Trojnara)
* Fixed memory leaks in pkcs11_get_evp_key_rsa() (Michal Trojnara)
New in 0.3.0; 2015-10-09; Nikos Mavrogiannopoulos
* Added small test suite based on softhsm (run on make check)
* Memory leak fixes (Christian Heimes)
* On module initialization tell the module that the OS locking
primitives are OK to use (Mike Gerow)
* Transparently handle applications that fork. That is, call C_Initialize()
and reopen any handles if a fork is detected.
* Eliminated any hard coded limits for certificate size (Doug Engert)
* Added support for ECDSA (Doug Engert)
* Allow RSA_NO_PADDING padding mode in PKCS11_private_encrypt
(Stephane Adenot)
* Eliminated several hard-coded limits in parameter sizes.
Here is a paste error; this should be appended after 3.3.26's part.
3.2.23 (2020-03-02)
Merged Pull Requests
* Expeditor - Disable nonfunctional github release option #573 (clintoncwolfe)
* Attempt to fix --sudo. #576 (skpaterson)
3.2.22 (2020-02-18)
Merged Pull Requests
* Revert to regular require to fix transport loading across gem boundary
#572 (clintoncwolfe)
* Include the LICENSE file in the gem #571 (btm)
3.2.20 (2020-02-06)
Merged Pull Requests
* Kali Linux platform detection support #556 (mattray)
* Refactor OS detection. #561 (zenspider)
* Unified gemspec and fixed dependencies across train and train-core. #563
(zenspider)
* Rebase #339 #566 (zenspider)
* Improve debugging experience by making platform and connection less
noisy. #565 (zenspider)
* Added a blank line to the readme where we needed one. #567 (zenspider)
v3.2.14 (2020-01-23)
Merged Pull Requests
* Substitute require for require_relative #549 (tas50)
* allow overriding follow_symlink on Train::File #550 (miah)
* Fix README typo #551 (multani)
* LinuxCommand#verify cleaned up #530 (vsingh-msys)
* Add azure_mgmt_storage to train.gemspec #552 (rmoles)
* Refactor with_sudo_pty to BaseConnection (no-op) and SshConnection. #554
(zenspider)
* Yocto Project family and Yocto Linux and balenaOS platform detection #558
(mattray)
* Make stat command use '-c' for Yocto OS #559 (michaellihs)
* Fix verify step for sudo #557 (zenspider)