import UBI p11-kit-0.26.2-1.el10

2026-05-19 18:42:02 -04:00 · 2026-05-19 18:42:02 -04:00 · 46c8c8185c
commit 46c8c8185c
parent bed5cd8d53
5 changed files with 271 additions and 90 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,3 @@
-p11-kit-0.25.5.tar.xz
-p11-kit-0.25.5.tar.xz.sig
+p11-kit-0.26.2.tar.xz
+p11-kit-0.26.2.tar.xz.sig
 p11-kit-release-keyring.gpg
--- a/p11-kit-0.25.5-trust-file-length.patch
+++ b/p11-kit-0.25.5-trust-file-length.patch
@ -1,73 +0,0 @@
-From a8b94642dbe6d52aa7a7805fbb60b64c4cfd7245 Mon Sep 17 00:00:00 2001
-From: Zoltan Fridrich <zfridric@redhat.com>
-Date: Thu, 3 Oct 2024 11:34:14 +0200
-Subject: [PATCH] trust: don't create file names longer then 255
-
-Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
---
- trust/save.c | 19 ++++++++++++++++---
- 1 file changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/trust/save.c b/trust/save.c
-index 057a9c5e3..acabcbf6d 100644
--- a/trust/save.c
-+++ b/trust/save.c
-@@ -61,6 +61,8 @@
- #define O_DIRECTORY 0
- #endif
- 
-+#define MAX_FILE_NAME 255
-+
- struct _p11_save_file {
- 	char *bare;
- 	char *extension;
-@@ -414,12 +416,23 @@ make_unique_name (const char *bare,
- 	p11_buffer buf;
- 	int ret;
- 	int i;
-+	int bare_len, ext_len, diff;
- 
- 	assert (bare != NULL);
- 	assert (check != NULL);
- 
- 	p11_buffer_init_null (&buf, 0);
- 
-+	/*
-+	 * Make sure the name will not be longer then MAX_FILE_NAME
-+	 */
-+	bare_len = strlen (bare);
-+	ext_len = extension ? strlen (extension) : 0;
-+	diff = bare_len + ext_len + sizeof (unique) - MAX_FILE_NAME;
-+	if (diff > 0)
-+		bare_len -= diff;
-+	return_val_if_fail (bare_len > 0, NULL);
-+
- 	for (i = 0; true; i++) {
- 
- 		p11_buffer_reset (&buf, 64);
-@@ -431,7 +444,7 @@ make_unique_name (const char *bare,
- 		 * provided by the caller.
- 		 */
- 		case 0:
-			p11_buffer_add (&buf, bare, -1);
-+			p11_buffer_add (&buf, bare, bare_len);
- 			break;
- 
- 		/*
-@@ -448,14 +461,14 @@ make_unique_name (const char *bare,
- 			/* fall through */
- 
- 		default:
-			p11_buffer_add (&buf, bare, -1);
-+			p11_buffer_add (&buf, bare, bare_len);
- 			snprintf (unique, sizeof (unique), ".%d", i);
- 			p11_buffer_add (&buf, unique, -1);
- 			break;
- 		}
- 
- 		if (extension)
-			p11_buffer_add (&buf, extension, -1);
-+			p11_buffer_add (&buf, extension, ext_len);
- 
- 		return_val_if_fail (p11_buffer_ok (&buf), NULL);
- 
--- a/p11-kit-0.26.1-pkcs11-legacy-defs.patch
+++ b/p11-kit-0.26.1-pkcs11-legacy-defs.patch
@ -0,0 +1,224 @@
+diff --color -ruNp a/common/attrs.c b/common/attrs.c
+--- a/common/attrs.c	2025-12-11 14:59:36.000000000 +0100
+++ b/common/attrs.c	2026-01-22 09:47:40.761892180 +0100
+@@ -638,13 +638,15 @@ attribute_is_trust_value (const CK_ATTRI
+ 	case CKA_NSS_TRUST_IPSEC_TUNNEL:
+ 	case CKA_NSS_TRUST_IPSEC_USER:
+ 	case CKA_NSS_TRUST_TIME_STAMPING:
+	case CKA_TRUST_IPSEC_IKE:
+	case CKA_TRUST_OCSP_SIGNING:
+#ifdef USE_STANDARD_TRUST
+ 	case CKA_TRUST_SERVER_AUTH:
+ 	case CKA_TRUST_CLIENT_AUTH:
+ 	case CKA_TRUST_CODE_SIGNING:
+ 	case CKA_TRUST_EMAIL_PROTECTION:
+-	case CKA_TRUST_IPSEC_IKE:
+ 	case CKA_TRUST_TIME_STAMPING:
+-	case CKA_TRUST_OCSP_SIGNING:
+#endif
+ 		break;
+ 	default:
+ 		return false;
+@@ -734,12 +736,14 @@ attribute_is_sensitive (const CK_ATTRIBU
+ 	X (CKA_DEFAULT_CMS_ATTRIBUTES)
+ 	X (CKA_SUPPORTED_CMS_ATTRIBUTES)
+ 	X (CKA_ALLOWED_MECHANISMS)
+#ifdef USE_STANDARD_TRUST
+ 	X (CKA_TRUST_SERVER_AUTH)
+ 	X (CKA_TRUST_CLIENT_AUTH)
+ 	X (CKA_TRUST_CODE_SIGNING)
+ 	X (CKA_TRUST_EMAIL_PROTECTION)
+-	X (CKA_TRUST_IPSEC_IKE)
+ 	X (CKA_TRUST_TIME_STAMPING)
+#endif
+	X (CKA_TRUST_IPSEC_IKE)
+ 	X (CKA_TRUST_OCSP_SIGNING)
+ 	X (CKA_X_ASSERTION_TYPE)
+ 	X (CKA_X_CERTIFICATE_VALUE)
+diff --color -ruNp a/common/constants.c b/common/constants.c
+--- a/common/constants.c	2025-12-11 14:59:36.000000000 +0100
+++ b/common/constants.c	2026-01-22 09:48:12.843493106 +0100
+@@ -198,12 +198,16 @@ const p11_constant p11_constant_types[]
+ 	CT (CKA_VALIDATION_PROFILE, "validation-profile")
+ 	CT (CKA_ENCAPSULATE_TEMPLATE, "encapsulate-template")
+ 	CT (CKA_DECAPSULATE_TEMPLATE, "decapsulate_template")
+#ifdef USE_STANDARD_TRUST
+ 	CT (CKA_TRUST_SERVER_AUTH, "trust-server-auth")
+ 	CT (CKA_TRUST_CLIENT_AUTH, "trust-client-auth")
+ 	CT (CKA_TRUST_CODE_SIGNING, "trust-code-signing")
+ 	CT (CKA_TRUST_EMAIL_PROTECTION, "trust-email-protection")
+#endif
+ 	CT (CKA_TRUST_IPSEC_IKE, "trust-ipsec-ike")
+#ifdef USE_STANDARD_TRUST
+ 	CT (CKA_TRUST_TIME_STAMPING, "trust-time-stamping")
+#endif
+ 	CT (CKA_TRUST_OCSP_SIGNING, "trust-ocsp-signing")
+ 	CT (CKA_ENCAPSULATE, "encapsulate")
+ 	CT (CKA_DECAPSULATE, "decapsulate")
+@@ -267,14 +271,25 @@ const p11_constant p11_constant_types[]
+ 	CT (CKA_NSS_TRUST_KEY_AGREEMENT, "nss-trust-key-agreement")
+ 	CT (CKA_NSS_TRUST_KEY_CERT_SIGN, "nss-trust-key-cert-sign")
+ 	CT (CKA_NSS_TRUST_CRL_SIGN, "nss-trust-crl-sign")
+#ifdef USE_STANDARD_TRUST
+ 	CT (CKA_NSS_TRUST_SERVER_AUTH, "nss-trust-server-auth")
+ 	CT (CKA_NSS_TRUST_CLIENT_AUTH, "nss-trust-client-auth")
+ 	CT (CKA_NSS_TRUST_CODE_SIGNING, "nss-trust-code-signing")
+ 	CT (CKA_NSS_TRUST_EMAIL_PROTECTION, "nss-trust-email-protection")
+#else
+	CT (CKA_NSS_TRUST_SERVER_AUTH, "trust-server-auth")
+	CT (CKA_NSS_TRUST_CLIENT_AUTH, "trust-client-auth")
+	CT (CKA_NSS_TRUST_CODE_SIGNING, "trust-code-signing")
+	CT (CKA_NSS_TRUST_EMAIL_PROTECTION, "trust-email-protection")
+#endif
+ 	CT (CKA_NSS_TRUST_IPSEC_END_SYSTEM, "nss-trust-ipsec-end-system")
+ 	CT (CKA_NSS_TRUST_IPSEC_TUNNEL, "nss-trust-ipsec-tunnel")
+ 	CT (CKA_NSS_TRUST_IPSEC_USER, "nss-trust-ipsec-user")
+#ifdef USE_STANDARD_TRUST
+ 	CT (CKA_NSS_TRUST_TIME_STAMPING, "nss-trust-time-stamping")
+#else
+	CT (CKA_NSS_TRUST_TIME_STAMPING, "trust-time-stamping")
+#endif
+ 	CT (CKA_NSS_TRUST_STEP_UP_APPROVED, "nss-trust-step-up-approved")
+ 	CT (CKA_NSS_CERT_SHA1_HASH, "nss-cert-sha1-hash")
+ 	CT (CKA_NSS_CERT_MD5_HASH, "nss-cert-md5-hash")
+diff --color -ruNp a/common/persist.c b/common/persist.c
+--- a/common/persist.c	2025-12-11 14:59:36.000000000 +0100
+++ b/common/persist.c	2026-01-22 09:48:34.018889748 +0100
+@@ -296,11 +296,13 @@ format_ulong (CK_ATTRIBUTE *attr,
+ 	case CKA_NSS_TRUST_IPSEC_USER:
+ 	case CKA_NSS_TRUST_TIME_STAMPING:
+ 	case CKA_NSS_TRUST_STEP_UP_APPROVED:
+#ifdef USE_STANDARD_TRUST
+ 	case CKA_TRUST_SERVER_AUTH:
+ 	case CKA_TRUST_CLIENT_AUTH:
+ 	case CKA_TRUST_CODE_SIGNING:
+ 	case CKA_TRUST_EMAIL_PROTECTION:
+ 	case CKA_TRUST_TIME_STAMPING:
+#endif
+ 	case CKA_X_ASSERTION_TYPE:
+ 	case CKA_AUTH_PIN_FLAGS:
+ 	case CKA_HW_FEATURE_TYPE:
+@@ -368,11 +370,13 @@ format_constant (CK_ATTRIBUTE *attr,
+ 	case CKA_NSS_TRUST_IPSEC_TUNNEL:
+ 	case CKA_NSS_TRUST_IPSEC_USER:
+ 	case CKA_NSS_TRUST_TIME_STAMPING:
+#ifdef USE_STANDARD_TRUST
+ 	case CKA_TRUST_SERVER_AUTH:
+ 	case CKA_TRUST_CLIENT_AUTH:
+ 	case CKA_TRUST_CODE_SIGNING:
+ 	case CKA_TRUST_EMAIL_PROTECTION:
+ 	case CKA_TRUST_TIME_STAMPING:
+#endif
+ 		table = p11_constant_trusts;
+ 		break;
+ 	case CKA_CLASS:
+diff --color -ruNp a/common/pkcs11.h b/common/pkcs11.h
+--- a/common/pkcs11.h	2025-12-11 14:59:36.000000000 +0100
+++ b/common/pkcs11.h	2026-01-22 09:46:29.803959838 +0100
+@@ -578,12 +578,7 @@ extern "C" {
+ #define CKA_VALIDATION_PROFILE                  (0x629UL)
+ #define CKA_ENCAPSULATE_TEMPLATE                (0x62AUL)
+ #define CKA_DECAPSULATE_TEMPLATE                (0x62BUL)
+-#define CKA_TRUST_SERVER_AUTH                   (0x62CUL)
+-#define CKA_TRUST_CLIENT_AUTH                   (0x62DUL)
+-#define CKA_TRUST_CODE_SIGNING                  (0x62EUL)
+-#define CKA_TRUST_EMAIL_PROTECTION              (0x62FUL)
+ #define CKA_TRUST_IPSEC_IKE                     (0x630UL)
+-#define CKA_TRUST_TIME_STAMPING                 (0x631UL)
+ #define CKA_TRUST_OCSP_SIGNING                  (0x632UL)
+ #define CKA_ENCAPSULATE                         (0x633UL)
+ #define CKA_DECAPSULATE                         (0x634UL)
+@@ -592,6 +587,22 @@ extern "C" {
+ #define CKA_SEED                                (0x637UL)
+ #define CKA_VENDOR_DEFINED                      ((unsigned long) (1UL << 31))
+ 
+#ifdef USE_STANDARD_TRUST
+/* Values introduced in PKCS#11 3.2 standard */
+#define CKA_TRUST_SERVER_AUTH                   (0x62CUL)
+#define CKA_TRUST_CLIENT_AUTH                   (0x62DUL)
+#define CKA_TRUST_CODE_SIGNING                  (0x62EUL)
+#define CKA_TRUST_EMAIL_PROTECTION              (0x62FUL)
+#define CKA_TRUST_TIME_STAMPING                 (0x631UL)
+#elif !defined(PKCS11_X_H_)
+/* Legacy values that collide with PKCS#11 standard values */
+#define CKA_TRUST_SERVER_AUTH                   (0xce536358UL)
+#define CKA_TRUST_CLIENT_AUTH                   (0xce536359UL)
+#define CKA_TRUST_CODE_SIGNING                  (0xce53635aUL)
+#define CKA_TRUST_EMAIL_PROTECTION              (0xce53635bUL)
+#define CKA_TRUST_TIME_STAMPING                 (0xce53635fUL)
+#endif
+
+ /* CK_CERTIFICATE_CATEGORY */
+ #define CK_CERTIFICATE_CATEGORY_UNSPECIFIED     (0UL)
+ #define CK_CERTIFICATE_CATEGORY_TOKEN_USER      (1UL)
+diff --color -ruNp a/common/pkcs11x.h b/common/pkcs11x.h
+--- a/common/pkcs11x.h	2025-12-11 14:59:36.000000000 +0100
+++ b/common/pkcs11x.h	2026-01-22 09:46:39.783921400 +0100
+@@ -98,6 +98,32 @@ extern "C" {
+ #define CKA_NSS_CERT_SHA1_HASH          0xce5363b4UL
+ #define CKA_NSS_CERT_MD5_HASH           0xce5363b5UL
+ 
+#ifndef USE_STANDARD_TRUST
+/* Legacy names */
+#define CKA_TRUST_DIGITAL_SIGNATURE     CKA_NSS_TRUST_DIGITAL_SIGNATURE
+#define CKA_TRUST_NON_REPUDIATION       CKA_NSS_TRUST_NON_REPUDIATION
+#define CKA_TRUST_KEY_ENCIPHERMENT      CKA_NSS_TRUST_KEY_ENCIPHERMENT
+#define CKA_TRUST_DATA_ENCIPHERMENT     CKA_NSS_TRUST_DATA_ENCIPHERMENT
+#define CKA_TRUST_KEY_AGREEMENT         CKA_NSS_TRUST_KEY_AGREEMENT
+#define CKA_TRUST_KEY_CERT_SIGN         CKA_NSS_TRUST_KEY_CERT_SIGN
+#define CKA_TRUST_CRL_SIGN              CKA_NSS_TRUST_CRL_SIGN
+#define CKA_TRUST_IPSEC_END_SYSTEM      CKA_NSS_TRUST_IPSEC_END_SYSTEM
+#define CKA_TRUST_IPSEC_TUNNEL          CKA_NSS_TRUST_IPSEC_TUNNEL
+#define CKA_TRUST_IPSEC_USER            CKA_NSS_TRUST_IPSEC_USER
+#define CKA_TRUST_STEP_UP_APPROVED      CKA_NSS_TRUST_STEP_UP_APPROVED
+#define CKA_CERT_SHA1_HASH              CKA_NSS_CERT_SHA1_HASH
+#define CKA_CERT_MD5_HASH               CKA_NSS_CERT_MD5_HASH
+
+#ifndef PKCS11_H
+/* Legacy names that collide with PKCS#11 standard names */
+#define CKA_TRUST_SERVER_AUTH           CKA_NSS_TRUST_SERVER_AUTH
+#define CKA_TRUST_CLIENT_AUTH           CKA_NSS_TRUST_CLIENT_AUTH
+#define CKA_TRUST_CODE_SIGNING          CKA_NSS_TRUST_CODE_SIGNING
+#define CKA_TRUST_EMAIL_PROTECTION      CKA_NSS_TRUST_EMAIL_PROTECTION
+#define CKA_TRUST_TIME_STAMPING         CKA_NSS_TRUST_TIME_STAMPING
+#endif
+#endif /* USE_STANDARD_TRUST */
+
+ /* NSS trust values */
+ typedef CK_ULONG                        CK_TRUST;
+ #define CKT_NSS_TRUSTED                 0xce534351UL
+diff --color -ruNp a/trust/builder.c b/trust/builder.c
+--- a/trust/builder.c	2026-01-19 12:05:20.000000000 +0100
+++ b/trust/builder.c	2026-01-22 09:51:26.366291745 +0100
+@@ -993,12 +993,15 @@ const static builder_schema trust_schema
+ 	  { CKA_SUBJECT, CREATE },
+ 	  { CKA_SERIAL_NUMBER, CREATE },
+ 	  /* official trust attributes */
+#ifdef USE_STANDARD_TRUST
+ 	  { CKA_TRUST_SERVER_AUTH, CREATE },
+ 	  { CKA_TRUST_CLIENT_AUTH, CREATE },
+ 	  { CKA_TRUST_CODE_SIGNING, CREATE },
+ 	  { CKA_TRUST_EMAIL_PROTECTION, CREATE },
+-	  { CKA_TRUST_IPSEC_IKE, CREATE },
+ 	  { CKA_TRUST_TIME_STAMPING, CREATE },
+#endif
+	  /* these do not collide with legacy NSS names */
+	  { CKA_TRUST_IPSEC_IKE, CREATE },
+ 	  { CKA_TRUST_OCSP_SIGNING, CREATE },
+ 	  /* vendor trust attributes previuosly used by NSS */
+ 	  { CKA_NSS_TRUST_SERVER_AUTH, CREATE },
+@@ -1363,12 +1366,14 @@ build_trust_object_eku (CK_ATTRIBUTE *ob
+ 		CK_ATTRIBUTE_TYPE type;
+ 		const char *oid;
+ 	} eku_attribute_map[] = {
+#ifdef USE_STANDARD_TRUST
+ 		/* official trust attributes */
+ 		{ CKA_TRUST_SERVER_AUTH, P11_OID_SERVER_AUTH_STR },
+ 		{ CKA_TRUST_CLIENT_AUTH, P11_OID_CLIENT_AUTH_STR },
+ 		{ CKA_TRUST_CODE_SIGNING, P11_OID_CODE_SIGNING_STR },
+ 		{ CKA_TRUST_EMAIL_PROTECTION, P11_OID_EMAIL_PROTECTION_STR },
+ 		{ CKA_TRUST_TIME_STAMPING, P11_OID_TIME_STAMPING_STR },
+#endif
+ 		/* vendor trust attributes previuosly used by NSS */
+ 		{ CKA_NSS_TRUST_SERVER_AUTH, P11_OID_SERVER_AUTH_STR },
+ 		{ CKA_NSS_TRUST_CLIENT_AUTH, P11_OID_CLIENT_AUTH_STR },
--- a/p11-kit.spec
+++ b/p11-kit.spec
@ -1,15 +1,15 @@
 ## START: Set by rpmautospec
-## (rpmautospec version 0.6.5)
+## (rpmautospec version 0.8.3)
 ## RPMAUTOSPEC: autorelease, autochangelog
 %define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
-    release_number = 7;
+    release_number = 1;
    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
    print(release_number + base_release_number - 1);
 }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
 ## END: Set by rpmautospec

 # This spec file has been automatically updated
-Version:        0.25.5
+Version:        0.26.2
 Release:        %{?autorelease}%{!?autorelease:1%{?dist}}
 Name:           p11-kit
 Summary:        Library for loading and sharing PKCS#11 modules
@ -22,7 +22,9 @@ Source2:        https://p11-glue.github.io/p11-glue/p11-kit/p11-kit-release-keyr
 Source3:        trust-extract-compat
 Source4:        p11-kit-client.service

-Patch:          p11-kit-0.25.5-trust-file-length.patch
+# Support for legacy PKCS11 definitions to prevent backwards incompatibility
+# Remove this in RHEL-11
+Patch0:         p11-kit-0.26.1-pkcs11-legacy-defs.patch

 BuildRequires:  gcc
 BuildRequires:  libtasn1-devel >= 2.3
@ -31,7 +33,7 @@ BuildRequires:  gettext
 BuildRequires:  gtk-doc
 BuildRequires:  meson
 BuildRequires:  systemd-devel
-BuildRequires:  bash-completion
+BuildRequires:  pkgconfig(bash-completion)
 # Work around for https://bugzilla.redhat.com/show_bug.cgi?id=1497147
 # Remove this once it is fixed
 BuildRequires:  pkgconfig(glib-2.0)
@ -66,9 +68,21 @@ The %{name}-trust package contains a system trust PKCS#11 module which
 contains certificate anchors and blocklists.


-%package server
-Summary:        Server and client commands for %{name}
+%package client
+Summary:        Client module from %{name}
 Requires:       %{name}%{?_isa} = %{version}-%{release}
+Obsoletes:      %{name}-server < 0.25.5-8
+
+%description client
+The %{name}-client package contains a PKCS#11 module that enables
+accessing other PKCS#11 modules over a Unix domain socket.  Note that
+this feature is still experimental.
+
+
+%package server
+Summary:        Server command for %{name}
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+Obsoletes:      %{name}-server < 0.25.5-8

 %description server
 The %{name}-server package contains command line tools that enable to
@ -91,7 +105,7 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
 %autosetup -p1

 %build
-# These paths are the source paths that  come from the plan here:
+# These paths are the source paths that come from the plan here:
 # https://fedoraproject.org/wiki/Features/SharedSystemCertificates:SubTasks
 %meson -Dgtk_doc=true -Dman=true -Dtrust_paths=%{_sysconfdir}/pki/ca-trust/source:%{_datadir}/pki/ca-trust-source
 %meson_build
@ -112,12 +126,12 @@ install -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_userunitdir}


 %post trust
-%{_sbindir}/alternatives --install %{_libdir}/libnssckbi.so %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30
+alternatives --install %{_libdir}/libnssckbi.so %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30

 %postun trust
 if [ $1 -eq 0 ] ; then
        # package removal
-        %{_sbindir}/alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so
+        alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so
 fi


@ -130,6 +144,7 @@ fi
 %dir %{_sysconfdir}/pkcs11/modules
 %dir %{_datadir}/p11-kit
 %dir %{_datadir}/p11-kit/modules
+%dir %{_libdir}/pkcs11
 %dir %{_libexecdir}/p11-kit
 %{_bindir}/p11-kit
 %{_libdir}/libp11-kit.so.*
@ -139,6 +154,7 @@ fi
 %{_mandir}/man8/p11-kit.8.gz
 %{_mandir}/man5/pkcs11.conf.5.gz
 %{_datadir}/bash-completion/completions/p11-kit
+%{_datadir}/zsh/site-functions/_p11-kit

 %files devel
 %{_includedir}/p11-kit-1/
@ -148,16 +164,18 @@ fi

 %files trust
 %{_bindir}/trust
-%dir %{_libdir}/pkcs11
 %ghost %{_libdir}/libnssckbi.so
 %{_libdir}/pkcs11/p11-kit-trust.so
 %{_datadir}/p11-kit/modules/p11-kit-trust.module
 %{_libexecdir}/p11-kit/trust-extract-compat
 %{_datadir}/bash-completion/completions/trust
+%{_datadir}/zsh/site-functions/_trust

-%files server
+%files client
 %{_libdir}/pkcs11/p11-kit-client.so
 %{_userunitdir}/p11-kit-client.service
+
+%files server
 %{_libexecdir}/p11-kit/p11-kit-server
 %{_userunitdir}/p11-kit-server.service
 %{_userunitdir}/p11-kit-server.socket
@ -165,6 +183,18 @@ fi

 %changelog
 ## START: Generated by rpmautospec
+* Tue Feb 10 2026 Zoltan Fridrich <zfridric@redhat.com> - 0.26.2-1
+- Rebase to 0.26.2
+
+* Thu Jan 22 2026 Zoltan Fridrich <zfridric@redhat.com> - 0.26.1-1
+- Rebase to 0.26.1
+
+* Mon Sep 22 2025 Zoltan Fridrich <zfridric@redhat.com> - 0.25.10-1
+- Rebase to 0.25.10
+
+* Fri Sep 19 2025 Zoltan Fridrich <zfridric@redhat.com> - 0.25.9-1
+- Rebase to 0.25.9
+
 * Fri Nov 01 2024 Miluse Bezo Konecna <mbezokon@redhat.com> - 0.25.5-7
 - fix typo in ci.fmf

--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (p11-kit-0.25.5.tar.xz) = 177ec6ff5eb891901078306dce2bf3f5c1a0e5c2a8c493bdf5a08ae1ff1240fdf6952961e973c373f80ac3d1d5a9927e07f4da49e4ff92269d992e744889fc94
-SHA512 (p11-kit-0.25.5.tar.xz.sig) = 2be5aa4ccbb889e32aed88fc1f7926c3ccaadc90cc6b15a187358c812eee4ce1712068d1f271766ac51366112c0619aad46cff345ed2edd009fb2fe7fb804493
-SHA512 (p11-kit-release-keyring.gpg) = 9a832a8ac3a139cbbf1ecb66573f0709847ebfef4975777cf82b4dca09af1ad8e6400f0af0bcdb92860e7ed4fc05082ba1edda0238a21fe24d49555a1069e881
+SHA512 (p11-kit-0.26.2.tar.xz) = 662c77e3133a9ee00f155fc2c1f12fdb16492920f992ab6e9de587c8abf76f990d442643bf8464cc08ad4d1c584f4d6f8d3a006aa7fc791010fa9cb7acaf6b7b
+SHA512 (p11-kit-0.26.2.tar.xz.sig) = 84f5d5363eb38a6a501b34103b5c1df08c88b80897fdd4f966c0692131cca0f21f590a58a7810b9e87e86656641ac4e0f4224b0327840890af4a4baf5186e264
+SHA512 (p11-kit-release-keyring.gpg) = f7e0dc5147820100727f52b00aa863175449c5f370a24c83cda49a3a25b74ecf9913ff535bbb90d64b38512a51fadb6886ef0c18aa976c6aacb1385da3128d69