| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
Patch #317 - 2015/03/27
adapt example for exec-formatted from
Lukas Zapletal's webpage to manual (Debian
#780008).
add a short usage section to the xterm manual, including
notes on setting the window title (Debian #742477).
revise a change made to ICH in patch #314 to address limit-checks
(reports/testcases by Zoltán Keri and Joe
Peterson, also reported by Christian Weisgerber).
|
|
Import py27-ftfy-3.4.0 as textproc/py-ftfy.
Given Unicode text, make its representation consistent and possibly less broken.
|
|
|
|
Version 1.58b:
--------------
- Added a workaround for abort() behavior in -lpthread programs in QEMU mode.
Spotted by Aidan Thornton.
- Made several documentation updates, including links to the static
instrumentation tool (sister_projects.txt).
--------------
Version 1.57b:
--------------
- Fixed a problem with exception handling on some versions of MacOS X.
Spotted by Samir Aguiar and Anders Wang Kristensen.
- Tweaked afl-gcc to use BIN_PATH instead of a fixed string in help
messages.
|
|
|
|
|
|
Version 1.6.17beta01 [January 29, 2015]
Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h
Corrected the width limit calculation in png_check_IHDR().
Removed user limits from pngfix. Also pass NULL pointers to
png_read_row to skip the unnecessary row de-interlace stuff.
Added testing of png_set_packing() to pngvalid.c
Regenerated configure scripts in the *.tar distributions with libtool-2.4.4
Implement previously untested cases of libpng transforms in pngvalid.c
Fixed byte order in 2-byte filler, in png_do_read_filler().
Made the check for out-of-range values in png_set_tRNS() detect
values that are exactly 2^bit_depth, and work on 16-bit platforms.
Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47.
Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and
pngset.c to avoid warnings about dead code.
Added "& 0xff" to many instances of expressions that are typecast
to (png_byte), to avoid Coverity gripes.
Version 1.6.17beta02 [February 7, 2015]
Work around one more Coverity-scan dead-code warning.
Do not build png_product2() when it is unused.
Version 1.6.17beta03 [February 17, 2015]
Display user limits in the output from pngtest.
Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column
and 1-million-row default limits in pnglibconf.dfa, that can be reset
by the user at build time or run time. This provides a more robust
defense against DOS and as-yet undiscovered overflows.
Version 1.6.17beta04 [February 21, 2015]
Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default.
Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins).
Rebuilt configure scripts with automake-1.15 and libtool-2.4.6
Version 1.6.17beta05 [February 25, 2015]
Restored compiling of png_reciprocal2 with PNG_NO_16BIT.
Version 1.6.17beta06 [February 27, 2015]
Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block
of png.h.
Avoid runtime checks when converting integer to png_byte with
Visual Studio (Sergey Kosarevsky)
Version 1.6.17rc01 [March 4, 2015]
No changes.
Version 1.6.17rc02 [March 9, 2015]
Removed some comments that the configure script did not handle
properly from scripts/pnglibconf.dfa and pnglibconf.h.prebuilt.
Free the unknown_chunks structure even when it contains no data.
Version 1.6.17rc03 [March 12, 2015]
Updated CMakeLists.txt to add OSX framework, change YES/NO to ON/OFF
for consistency, and remove some useless tests (Alexey Petruchik).
Version 1.6.17rc04 [March 16, 2015]
Remove pnglibconf.h, pnglibconf.c, and pnglibconf.out instead of
pnglibconf.* in "make clean" (Cosmin).
Fix bug in calculation of maxbits, in png_write_sBIT, introduced
in libpng-1.6.17beta01 (John Bowler).
Version 1.6.17rc05 [March 21, 2015]
Define PNG_FILTER_* and PNG_FILTER_VALUE_* in png.h even when WRITE
is not supported (John Bowler). This fixes an error introduced in
libpng-1.6.17beta06.
Reverted "& 0xff" additions of version 1.6.17beta01. Libpng passes
the Coverity scan without them.
Version 1.6.17rc06 [March 23, 2015]
Remove pnglibconf.dfn and pnglibconf.pre with "make clean".
Reformatted some "&0xff" instances to "& 0xff".
Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha
value was wrong. It's not clear if this affected the final stored
value; in the obvious code path the upper and lower 8-bits of the
alpha value were identical and the alpha was truncated to 8-bits
rather than dividing by 257 (John Bowler).
Version 1.6.17 [March 26, 2015]
No changes.
|
|
|
|
Khard is an address book for the Linux console. It creates, reads,
modifies and removes CardDAV address book entries at your local
machine. Khard is also compatible to the email clients mutt and
alot and the SIP client twinkle.
|
|
|
|
This release has hardened handling of invalid arguments & allocation
failures, adds support for using arc4random in key generation, and adds
some unit tests to help developers prevent regressions in the future.
Alan Coopersmith (11):
Remove unused TLI ("STREAMSCONN") code from libXdmcp
Ensure ARRAY* structs are zero'ed out when allocation fails
Make XdmcpCopyARRAY8 call XdmcpAllocARRAY8 instead of replicating it
Add unit tests for Array allocation functions
Ensure ARRAY* structs are zero'ed out when oversize values are passed
Ensure ARRAYofARRAY8 pointers are initialized to NULL
Also reject requests to allocate negative sized amounts of memory
configure: Drop AM_MAINTAINER_MODE
autogen.sh: Honor NOCONFIGURE=1
Add AC_USE_SYSTEM_EXTENSIONS to expose arc4random() interfaces in headers
libXdmcp 1.1.2
Matthieu Herrb (1):
Use arc4random when available to produce the XDM-AUTHENTICATION1 key
|
|
|
|
Release 0.1.2 (2015-03-35)
===========================
- Use CFSwapInt32LittleToHost from CoreFoundation.h on Mac OS X to implement
le32toh.
- Check submodules before running autoconf.
- darwin: Use OSByteOrder.h rather than CF.
- Perform safety check before trying to load glyph cursorHEADmaster
|
|
|
|
|
|
|
|
and 1.17. (Notably this excludes the newport driver which needs XAA.)
Bump PKGREVISION.
|
|
|
|
=========
0.1.0 (2015-03-15)
------------------
Fix
~~~
- Avoid casting an exception when comparing to non-``Colour`` instances.
(fixes #14) [Riziq Sayegh]
0.0.6 (2014-11-18)
------------------
New
~~~
- Provide all missing *2* function by combination with other existing
ones (fixes #13). [Valentin Lab]
- Provide full access to any color name in HSL, RGB, HEX convenience
instances. [Valentin Lab]
Now you can call ``colour.HSL.cyan``, or ``colour.HEX.red`` for a direct encoding of
``human`` colour labels to the 3 representations.
|
|
|
|
|
|
Changelog
=========
- :release:`15.1.0 <2015-02-24>`
- :bug:`- major` Tolerate frames without a ``__name__``.
- :release:`15.0.0 <2015-01-23>`
- :feature:`44` Add :func:`structlog.stdlib.add_log_level` and :func:`structlog.stdlib.add_logger_name` processors.
- :feature:`42` Add :func:`structlog.stdlib.BoundLogger.log`.
- :feature:`19` Pass positional arguments to stdlib wrapped loggers that use string formatting.
- :feature:`28` structlog is now dually licensed under the `Apache License, Version 2 <http://choosealicense.com/licenses/apache-2.0/>`_ and the `MIT <http://choosealicense.com/licenses/mit/>`_ license.
Therefore it is now legal to use structlog with `GPLv2 <http://choosealicense.com/licenses/gpl-2.0/>`_-licensed projects.
- :feature:`22` Add :func:`structlog.stdlib.BoundLogger.exception`.
|
|
|
|
Alan Coopersmith (2):
Stop undefining _ATOMIC_TYPE in Solaris/NetBSD section of xf86atomic.h
On Solaris, #include <sys/mkdev.h> in xf86drm.c
Chih-Wei Huang (1):
android: remove duplicate libdrm in LOCAL_SHARED_LIBRARIES
Damien Lespiau (1):
build: Bump version number to 2.4.60 before release
Daniel Vetter (7):
intel: Unconditionally clear ioctl structs
xf86drmMode: Unconditionally clear ioctl structs
drm: use drmIoctl everywhere
xf86drm: Unconditionally clear ioctl structs
tests: remove intel-specific tests
xf86drm: Fix ioctl struct clearing in drmGetVersion
Revert "intel: Fix documentation for drm_intel_gem_bo_wait()"
Emil Velikov (21):
libdrm: fix the Android 64bit build
autotools: add AM_DISTCHECK_CONFIGURE_FLAGS
exynos_fimg2d_test: fix implicit funciton declaration errors
tests: fix implicit funciton declaration errors
autotools: add WARN_CFLAGS to all targets
tests: remove unused variables
exynos_fimg2d_test: remove unused variables
tests/radeon: set the list* functions as inline
automake: wrap an insanely long line
configure: omap, freedreno and tegra require atomics
configure: update help strings
automake: drop the NULL variable from the makefile
tests: move the SUBDIR at the top of the makefile
tests: automake: keep the libs link at the final stage
drm: add drmGet(Primary|Render)DeviceNameFromFd functions
modetest: include into the build when libkms is not selected.
configure: Stop using AM_MAINTAINER_MODE
autogen.sh: handle out-of-tree invokation
configure.ac: fix host_cpu/atomics detection
configure.ac: fix help string copy/pasta
configure.ac: error out if building freedreno_kgsl without freedreno
Frank Binns (3):
Rename DRM_NODE_RENDER to DRM_NODE_PRIMARY
Add new drmOpenRender function
Add new drmGetNodeTypeFromFd function
Hyungwon Hwang (2):
exynos: Don't use DRM_EXYNOS_GEM_{MAP_OFFSET/MMAP} ioctls
exynos: remove DRM_EXYNOS_GEM_{MAP_OFFSET/MMAP} ioctls
Jammy Zhou (2):
Add new drmOpenWithType function (v4)
Add new drmOpenOnceWithType function (v2)
Jan Vesely (7):
random: Use unsigned long for seed
Fix gcc -Wextra warnings
tests: String literals are const char *
Fix type-limits, pointer-arith and sign-compare warnings
dristat: Handle DRM_CONSISTENT
Fix unused, and unused-but-set variables warnings
Add static qualifier to local functions
Jeff McGee (1):
intel: Export total subslice and EU counts
Jerome Glisse (1):
nouveau: fix unlock nouveau_bo_name_ref()
Kristian Høgsberg (1):
intel: Fix documentation for drm_intel_gem_bo_wait()
Maarten Lankhorst (4):
Add atomic_inc_return to atomics.
Use __sync_add_and_fetch instead of __sync_fetch_and_add for atomic_dec_and_test
nouveau: make nouveau importing global buffers completely thread-safe, with tests
nouveau: Do not add most bo's to the global bo list.
Philipp Zabel (1):
tests: add support for imx-drm
Thomas Klausner (4):
Fix libdrm's atomic_dec_and_test on Solaris.
Add NetBSD atomic ops support.
intel: Only define variable when it's used.
nouveau: Remove unused static function.
Tobias Jakobi (18):
exynos: replace G2D_DOUBLE_TO_FIXED macro with function
tests/exynos: fix typos and change wording
tests/exynos: disable the G2D userptr/blend test
tests/exynos: introduce wait_for_user_input
exynos: introduce g2d_add_base_addr helper function
tests/exynos: improve error handling
exynos: fimg2d: remove TRUE/FALSE from header
exynos: fimg2d: fix comment for G2D_COEFF_MODE_GB_COLOR
exynos: fimg2d: unify register style
exynos: fimg2d: introduce G2D_OP_INTERPOLATE
exynos: fimg2d: whitespace fix in g2d_flush
tests/exynos: fimg2d: add a checkerboard test
exynos: add g2d_scale_and_blend
exynos: honor the repeat mode in g2d_copy_with_scale
exynos: use structure initialization instead of memset
exynos: add exynos prefix to fimg2d header
exynos: add fimg2d header to common includes
exynos: fimg2d: follow-up fix for G2D_COEFF_MODE_GB_COLOR
|
|
old 1.12 server. Mostly from FDO git. (xf86-video-ati6 was manually ported)
|
|
|
|
they confuse the linker.
|
|
|
|
XXX should be moved to mozilla-common.mk or removed since this is recurring
|
|
|
|
|
|
libgroove-4.2.1, librsvg-2.40.9, moneyguru-2.8.2, phpmyadmin-4.4,
redis-3.0.0, rhythmbox-3.2, source-highlight-3.1.8.
|
|
|
|
0.10.1 2015-03-25
BUG FIXES
* Return `ApplyDeltaError` when encountering delta errors
in both C extensions and native delta application code.
(Jelmer Vernooij, #259)
0.10.0 2015-03-22
BUG FIXES
* In dulwich.index.build_index_from_tree, by default
refuse to create entries that start with .git/.
* Fix running of testsuite when installed.
(Jelmer Vernooij, #223)
* Use a block cache in _find_content_rename_candidates(),
improving performance. (Mike Williams)
* Add support for ``core.protectNTFS`` setting.
(Jelmer Vernooij)
* Fix TypeError when fetching empty updates.
(Hwee Miin Koh)
* Resolve delta refs when pulling into a MemoryRepo.
(Max Shawabkeh, #256)
* Fix handling of tags of non-commits in missing object finder.
(Augie Fackler, #211)
* Explicitly disable mmap on plan9 where it doesn't work.
(Jeff Sickel)
IMPROVEMENTS
* New public method `Repo.reset_index`. (Jelmer Vernooij)
* Prevent duplicate parsing of loose files in objects
directory when reading. Thanks to David Keijser for the
report. (Jelmer Vernooij, #231)
0.9.9 2015-03-20
SECURITY BUG FIXES
* Fix buffer overflow in C implementation of pack apply_delta().
(CVE-2015-0838)
Thanks to Ivan Fratric of the Google Security Team for
reporting this issue.
(Jelmer Vernooij)
0.9.8 2014-11-30
BUG FIXES
* Various fixes to improve test suite running on Windows.
(Gary van der Merwe)
* Limit delta copy length to 64K in v2 pack files. (Robert Brown)
* Strip newline from final ACKed SHA while fetching packs.
(Michael Edgar)
* Remove assignment to PyList_SIZE() that was causing segfaults on
pypy. (Jelmer Vernooij, #196)
IMPROVEMENTS
* Add porcelain 'receive-pack' and 'upload-pack'. (Jelmer Vernooij)
* Handle SIGINT signals in bin/dulwich. (Jelmer Vernooij)
* Add 'status' support to bin/dulwich. (Jelmer Vernooij)
* Add 'branch_create', 'branch_list', 'branch_delete' porcelain.
(Jelmer Vernooij)
* Add 'fetch' porcelain. (Jelmer Vernooij)
* Add 'tag_delete' porcelain. (Jelmer Vernooij)
* Add support for serializing/deserializing 'gpgsig' attributes in Commit.
(Jelmer Vernooij)
CHANGES
* dul-web is now available as 'dulwich web-daemon'.
(Jelmer Vernooij)
* dulwich.porcelain.tag has been renamed to tag_create.
dulwich.porcelain.list_tags has been renamed to tag_list.
(Jelmer Vernooij)
API CHANGES
* Restore support for Python 2.6. (Jelmer Vernooij, Gary van der Merwe)
0.9.7 2014-06-08
BUG FIXES
* Fix tests dependent on hash ordering. (Michael Edgar)
* Support staging symbolic links in Repo.stage.
(Robert Brown)
* Ensure that all files object are closed when running the test suite.
(Gary van der Merwe)
* When writing OFS_DELTA pack entries, write correct offset.
(Augie Fackler)
* Fix handler of larger copy operations in packs. (Augie Fackler)
* Various fixes to improve test suite running on Windows.
(Gary van der Merwe)
* Fix logic for extra adds of identical files in rename detector.
(Robert Brown)
IMPROVEMENTS
* Add porcelain 'status'. (Ryan Faulkner)
* Add porcelain 'daemon'. (Jelmer Vernooij)
* Add `dulwich.greenthreads` module which provides support
for concurrency of some object store operations.
(Fabien Boucher)
* Various changes to improve compatibility with Python 3.
(Gary van der Merwe, Hannu Valtonen, michael-k)
* Add OpenStack Swift backed repository implementation
in dulwich.contrib. See README.swift for details. (Fabien Boucher)
API CHANGES
* An optional close function can be passed to the Protocol class. This will
be called by its close method. (Gary van der Merwe)
* All classes with close methods are now context managers, so that they can
be easily closed using a `with` statement. (Gary van der Merwe)
* Remove deprecated `num_objects` argument to `write_pack` methods.
(Jelmer Vernooij)
OTHER CHANGES
* The 'dul-daemon' script has been removed. The same functionality
is now available as 'dulwich daemon'. (Jelmer Vernooij)
0.9.6 2014-04-23
IMPROVEMENTS
* Add support for recursive add in 'git add'.
(Ryan Faulkner, Jelmer Vernooij)
* Add porcelain 'list_tags'. (Ryan Faulkner)
* Add porcelain 'push'. (Ryan Faulkner)
* Add porcelain 'pull'. (Ryan Faulkner)
* Support 'http.proxy' in HttpGitClient.
(Jelmer Vernooij, #1096030)
* Support 'http.useragent' in HttpGitClient.
(Jelmer Vernooij)
* In server, wait for clients to send empty list of
wants when talking to empty repository.
(Damien Tournoud)
* Various changes to improve compatibility with
Python 3. (Gary van der Merwe)
BUG FIXES
* Support unseekable 'wsgi.input' streams.
(Jonas Haag)
* Raise TypeError when passing unicode() object
to Repo.__getitem__.
(Jonas Haag)
* Fix handling of `reset` command in dulwich.fastexport.
(Jelmer Vernooij, #1249029)
* In client, don't wait for server to close connection
first. Fixes hang when used against GitHub
server implementation. (Siddharth Agarwal)
* DeltaChainIterator: fix a corner case where an object is inflated as an
object already in the repository.
(Damien Tournoud, #135)
* Stop leaking file handles during pack reload. (Damien Tournoud)
* Avoid reopening packs during pack cache reload. (Jelmer Vernooij)
API CHANGES
* Drop support for Python 2.6. (Jelmer Vernooij)
0.9.5 2014-02-23
IMPROVEMENTS
* Add porcelain 'tag'. (Ryan Faulkner)
* New module `dulwich.objectspec` for parsing strings referencing
objects and commit ranges. (Jelmer Vernooij)
* Add shallow branch support. (milki)
* Allow passing urllib2 `opener` into HttpGitClient.
(Dov Feldstern, #909037)
CHANGES
* Drop support for Python 2.4 and 2.5. (Jelmer Vernooij)
API CHANGES
* Remove long deprecated ``Repo.commit``, ``Repo.get_blob``,
``Repo.tree`` and ``Repo.tag``. (Jelmer Vernooij)
* Remove long deprecated ``Repo.revision_history`` and ``Repo.ref``.
(Jelmer Vernooij)
* Remove long deprecated ``Tree.entries``. (Jelmer Vernooij)
BUG FIXES
* Raise KeyError rather than TypeError when passing in
unicode object of length 20 or 40 to Repo.__getitem__.
(Jelmer Vernooij)
* Use 'rm' rather than 'unlink' in tests, since the latter
does not exist on OpenBSD and other platforms.
(Dmitrij D. Czarkoff)
|
|
|
|
|
|
when mksh is used as CONFIG_SHELL.
Analysis and fix from Olivier Duclos in joyent/pkgsrc#256.
|
|
properly, and we may as well unbreak the only platform that could build
the package until now.
|
|
security/lasso to 2.4.1
www/ap2-auth-mellon to 0.10.0
|
|
NEWS since last version imported in pkgsrc
Version 0.10.0
---------------------------------------------------------------------------
* Make sure that we fail in the unlikely case where OpenSSL is not able
to provide us with a secure session id.
* Increase the number of key-value pairs in the session to 2048.
* Add MellonMergeEnvVars-option to store multi-valued attributes in
a single environment variable, separated with ';'.
* Bugfixes:
* Fix the [MAP] option for MellonCond.
* Fix cookie deletion for the session cookie. (Logout is not dependent
on the cookie being deleted, so this only fixes the cookie showing
up after the session is deleted.)
Version 0.9.1
---------------------------------------------------------------------------
* Bugfixes:
* Fix session offset calculation that prevented us from having
active sessions at once.
* Run mod_auth_mellon request handler before most other handlers,
so that other handlers cannot block it by accident.
Version 0.9.0
---------------------------------------------------------------------------
* Set the AssertionConsumerServiceURL attribute in authentication
requests.
* Bugfixes:
* Fix use of uninitialized data during logout.
* Fix session entry overflow leading to segmentation faults.
* Fix looking up sessions by NameID, which is used during logout.
Version 0.8.1
---------------------------------------------------------------------------
This is a security release with fixes backported from version 0.9.1.
It turned out that session overflow bugs fixes in version 0.9.0 and
0.9.1 can lead to information disclosure, where data from one session
is leaked to another session. Depending on how this data is used by the
web application, this may lead to data from one session being disclosed
to an user in a different session. (CVE-2014-8566)
In addition to the information disclosure, this release contains some
fixes for logout processing, where logout requests would crash the
Apache web server. (CVE-2014-8567)
Version 0.8.0
---------------------------------------------------------------------------
* Add support for receiving HTTP-Artifact identifiers as POST data.
* Simplify caching headers.
* Map login errors into more appropriate HTTP error codes than
400 Bad Request.
* Add MellonNoSuccessErrorPage option to redirect to a error page on login
failure.
* Turn session storage into a dynamic pool of memory, which means that
attribute values (and other items) can have arbitrary sizes as long as
they fit in the session as a whole.
* Various bugfixes:
* Fix for compatibility with recent versions of CURL.
* Fix broken option MellonDoNotVerifyLogoutSignature.
* Fix deadlock that could occur during logout processing.
* Fix some compile warnings.
* Fix some NULL derefernce bugs that may lead to segmentation faults.
* Fix a minor memory leak during IdP metadata loading.
Version 0.7.0
---------------------------------------------------------------------------
* Add MellonSPentityId to control entityId in autogenerated metadata
* Fix compatibility with Apache 2.4.
* Handle empty RelayState the same as missing RelayState.
* Add MellonSetEvnNoPrefix directive to set environment variables
without "MELLON_"-prefix.
|
|
NEWS from last pkgsrc version:
2.4.1 - Septembre 28th 2014
---------------------------
56 commits, 35 files changed, 12590 insertions(+), 31117 deletions(-)
- fix bug #4455 runtime bug in perl binding on debian wheezy 32bits #
- fix warning on g_type_init() on GLib > 2.36
- lot of null pointer, boundary checks, and dead code removal after validation
using Coverity and Clang static analyzer (Simo Sorce)
- always set NotOnOrAfter on the Condition element
- fix pkg-config typo (Simon Josefsson)
- Python binding now conserve the order of session indexes values
- fix memory leaks
- Python bindings now automatically convert unicode values to UTF-8
2.4.0 - January 7th 2014
------------------------
281 commits, 933 files changed, 45384 insertions, 6313 deletions
Minor version number increase since ABI was extended (new methods).
- Key rollover support:
Lasso is now able to accept messages signed by any key declared as a signing
key in a metadata and not just the last one. You can also decrypt encrypted
nodes using any of a list of private keys, allowing roll-over of encryption
certificates. Signing key roll-over is automatic, your provider just have to
provide the new signing key in their metadata. For multiple-encryption key
you can load another private key than the one loaded in the LassoServer
constuctor with code like that:
>>> import lasso
>>> server = lasso.Server(our_metadata, first_private_key_path)
>>> server.setEncryptionPrivateKey(second_private_key_path)
See the FAQ file for the workflow of a proper key roll-over.
- Partial logout response now produces a specific error code when parsed by
lasso_logout_process_response_msg()
- Bugs in lasso_assertion_query_build_request_msg() were fixed
- Processing of assertions is not stopped when checking that first level
status code is not success, so that later code can check the second level
status code.
- A new generic error for denied request was added,
LASSO_PROFILE_ERROR_REQUEST_DENIED
- A new API lasso_server_load_metadata() was added to load federation files
(XML files containing metadata from multiple providers) and to check
signatures on them.
- Better warning and errors are reported in logs when failing to load a
metadata file.
- Bugs around missing namespace declaration for dump file were fixed, it
prevented reloading dumped object (like LassoLogin).
- lasso_node_get_xml_node_for_any_type() must be able to copy the content of
an XML node to another (namespace, attribute and children). It did not, now
it is fixed. It can be used for example to add specific attribute like
xsi:type="string" to a Saml2AttributeValue. Here is a python snippet to do that:
>>> import lasso
>>> a = lasso.Saml2AttributeValue()
>>> a.setOriginalXmlnode('<Dummy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="string">Value</Dummy>')
>>> print a.debug(0)
<saml:AttributeValue xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="string">Value</saml:AttributeValue>
- support for symetric keys signatures: for a long time XMLDsig standard has
supported HMAC signature, or signature based on a shared secret key an hash
algorithm. Lasso now supports to share a key with another Lasso using
service or identity provider and to verify and sign SAML exchange using this
key. Performance can be 100 times more than with assymetric cryptography,
i.e. RSA.
- nodes able to hold any XML attribyte (like saml:AttributeValue) contains a
hashtable to for holding those attributes, those hashtable have a new syntax
for attributes of another namespace than the current node namespace,
inspired by the Python ElementTree library:
{the_namespace}the_attribute_name
ex:
{http://www.w3.org/2001/XMLSchema-instance}type
for the classic xsi:type attribute.
- xmldsig:X509Data node now possess a binding as a Lasso object. You can use
it combined with the new class LassoSaml2KeyInformationDataType to use the
holder-of-key subject confirmation method.
- The perfs benchmarking tools now allows to select a different metadata set
(for example to test with different public key sizes).
- Perl minimal version for the binding was downgraded to 5
- pseudo-XSchema validation: the new XML deserializer does more to enforce
constraints of the schema defining SAML messages. It means Lasso is less
forgiving with non-conform implementation of SAML.
- thin-sessions mode: A new flag was added named thin-session, you can set it
using lasso_set_flag("thin-sessions") or by setting the LASSO_FLAG
environement variable to the string "thin-sessions". The effect of this flag
is to remove complete storage of assertions in the LassoSession object,
which was made mainly to support logout and the artifact binding for ID-FF
1.2. A new thinner structure is used for supporting logout, and ID-FF 1.2
can now use the same storage mechanism as the SAML 2 implementation for the
artifact binding (i.e. using lasso_profile_get_artifact_message after
artifact generation and lasso_profile_set_artifact_message before artifact
retrieval).
- better initialization and access to SessionIndex in logout requests:
LassoSession now store all generated SessionIndex for a session using a
small structure, using it the LassoLogout profile can now initialize
LassoLogout message with all of them. It's not necessary to implement this
functionnalitý in your service or identity provider anymore.
- new LassoKey object: this new class was introduced to simplify management of
keys when using shared key signature. But you can also use it to load
assymetric keys. In the future it should gain API to do XML signature and
encryptiong independently of any SAML 2.0 or ID-FF 1.2 exchange. Providing
the first simple binding of libxmlsec to Python.
- Improvements to autoconf and automake files to compile under Darwin (Mac Os
X) and Fedora.
- a FAQ file was started.
- added API:
LASSO_LOGOUT_ERROR_PARTIAL_LOGOUT
LASSO_PROFILE_ERROR_ENDPOINT_INDEX_NOT_FOUND
LASSO_PROFILE_ERROR_REQUEST_DENIED
LASSO_PROVIDER_ROLE_ALL
LASSO_SERVER_ERROR_NO_PROVIDER_LOADED
LASSO_SERVER_LOAD_METADATA_FLAG_CHECK_ENTITIES_DESCRIPTOR_SIGNATURE
LASSO_SERVER_LOAD_METADATA_FLAG_CHECK_ENTITY_DESCRIPTOR_SIGNATURE
LASSO_SERVER_LOAD_METADATA_FLAG_DEFAULT
LASSO_SERVER_LOAD_METADATA_FLAG_INHERIT_SIGNATURE
LASSO_SIGNATURE_METHOD_HMAC_SHA1
LASSO_SIGNATURE_METHOD_NONE
LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA
LASSO_XMLENC_HREF
LASSO_XMLENC_PREFIX
struct LassoDsX509Data { LassoDsX509DataPrivate* private_data }
struct LassoKey { LassoKeyPrivate* private_data }
struct LassoSaml2KeyInfoConfirmationDataType { LassoSaml2KeyInfoConfirmationDataTypePrivate* private_data }
LassoServerLoadMetadataFlag
LassoDsX509Data* lasso_ds_key_value_get_x509_data ( LassoDsKeyValue* key_value )
None lasso_ds_key_value_set_x509_data ( LassoDsKeyValue* key_value, LassoDsX509Data* x509_data )
const char* lasso_ds_x509_data_get_certificate ( LassoDsX509Data* x509_data )
const char* lasso_ds_x509_data_get_crl ( LassoDsX509Data* x509_data )
const char* lasso_ds_x509_data_get_subject_name ( LassoDsX509Data* x509_data )
GType lasso_ds_x509_data_get_type ( )
LassoDsX509Data* lasso_ds_x509_data_new ( )
None lasso_ds_x509_data_set_certificate ( LassoDsX509Data* x509_data, const char* certificate )
None lasso_ds_x509_data_set_crl ( LassoDsX509Data* x509_data, const char* crl )
None lasso_ds_x509_data_set_subject_name ( LassoDsX509Data* x509_data, const char* subject_name )
GType lasso_key_get_type ( )
LassoKey* lasso_key_new_for_signature_from_base64_string ( char* base64_string, char* password, LassoSignatureMethod signature_method, char* certificate )
LassoKey* lasso_key_new_for_signature_from_file ( char* filename_or_buffer, char* password, LassoSignatureMethod signature_method, char* certificate )
char* lasso_key_query_sign ( LassoKey* key, const char* query )
lasso_error_t lasso_key_query_verify ( LassoKey* key, const char* query )
xmlNode* lasso_key_saml2_xml_sign ( LassoKey* key, const char* id, xmlNode* document )
lasso_error_t lasso_key_saml2_xml_verify ( LassoKey* key, char* id, xmlNode* document )
GList* lasso_lib_logout_request_get_session_indexes ( LassoLibLogoutRequest* lib_logout_request )
None lasso_lib_logout_request_set_session_indexes ( LassoLibLogoutRequest* lib_logout_request, GList* session_indexes )
lasso_error_t lasso_provider_add_key ( LassoProvider* provider, LassoKey* key, gboolean after )
lasso_error_t lasso_provider_set_server_signing_key ( LassoProvider* provider, LassoKey* key )
int lasso_provider_verify_signature ( LassoProvider* provider, const char* message, const char* id_attr_name, LassoMessageFormat format )
GList* lasso_saml2_key_info_confirmation_data_type_get_key_info ( LassoSaml2KeyInfoConfirmationDataType* kicdt )
GType lasso_saml2_key_info_confirmation_data_type_get_type ( )
LassoNode* lasso_saml2_key_info_confirmation_data_type_new ( )
None lasso_saml2_key_info_confirmation_data_type_set_key_info ( LassoSaml2KeyInfoConfirmationDataType* kicdt, GList* key_infos )
gboolean lasso_saml_name_identifier_equals ( LassoSamlNameIdentifier* a, LassoSamlNameIdentifier* b )
lasso_error_t lasso_server_add_provider2 ( LassoServer* server, LassoProvider* provider )
lasso_error_t lasso_server_load_metadata ( LassoServer* server, LassoProviderRole role, const gchar* federation_file, const gchar* trusted_roots, GList* blacklisted_entity_ids, GList** loaded_entity_ids, LassoServerLoadMetadataFlag flags )
GList* lasso_session_get_assertion_ids ( LassoSession* session, const gchar* providerID )
GList* lasso_session_get_name_ids ( LassoSession* session, const gchar* providerID )
GList* lasso_session_get_session_indexes ( LassoSession* session, const gchar* providerID, LassoNode* name_id )
|
|
|
|
----------------
Documentation
*************
- Extend support to Python 3.4, deprecating Python 3.2.
- Issue #198: Mention Zake as a sophisticated kazoo mock testing library.
- Issue #181: Add documentation on basic logging setup.
|
|
|
|
PYTHON_VERSIONS_INCOMPATIBLE in options.mk so it we don't overwrite the
default value.
|
|
|
|
|
|
Try harder to avoid smtp_code values that are not three digits
1.537 2015-03-17
Recognize the standard Postfix "rejected by rbl" as spam
|
