path: root/security
Age | Commit message | Author | Files | Lines
2012-06-30 | Mask this on apache24 as it doesn't compile. | dholland | 1 | -1/+4
2012-06-29 | Update F-PROT Antivirus packages to 6.2.1. | taca | 4 | -14/+14
=== F-PROT Antivirus for Unix, version 6.2.1
Compatibility for older Linux distros improved (glibc 2.3 for 32 bit version and glibc 2.4 for 64 bit version)
Compatibility for older Solaris/SunOS version improved (both 32 and 64 bit versions are compatible with solaris 8 now)
64 bit FreeBSD now supported
=== F-PROT Antivirus for Unix, version 6.2.0
Scan engine upgraded from 4.6.2 to 4.6.5 with improved detection rates and fewer false positives.
Multiple issues with the mail scanners have been fixed.
=== F-PROT Antivirus for Unix, version 6.1.1
fpupdate fix to prevent crash on certain 64 bit Linux systems.
2012-06-24 | Add missing INSTALLATION_DIRS. | jperkin | 1 | -2/+2
2012-06-23 | Honor pkgsrc LIBS. | dholland | 3 | -2/+17
2012-06-21 | OpenDNSSEC 1.3.9 | pettai | 2 | -7/+6
* OPENDNSSEC-277: Enforcer: Performance optimisation of database access.
Bugfixes:
* SUPPORT-27: ods-ksmutil: simplify zone delete so that it only marks keys as dead (rather than actually removing them). Leave the key removal to purge jobs.
(Ok'ed by wiz@)
2012-06-16 | Not MAKE_JOBS_SAFE. | dholland | 1 | -1/+3
2012-06-16 | Add patch I've been carrying around to fix the MAKE_JOBS build. | dholland | 2 | -1/+17
2012-06-16 | zkt 1.1 -- 30. Jan 2012 | pettai | 3 | -20/+9
* misc Release numbering changed to three level "major.minor.revision" scheme
* bug REMOVE_HOLD_TIME was set to 10 days only (Thanks to Chris Thompson)
* doc Improved README file (Thanks to Jan-Piet Mens)
* misc Fix of some typos in log messages
* bug Fixed error in rollover.c (return code of genfirstkey() wasn't checked)
* misc Default of KeySetDir changed from NULL to ".." (best for hierarchical mode)
  Default Sig Lifetime changed from 10 days to 3 weeks (21 days)
  Default ZSK lifetime changed from 3 months to 4 times the sig lifetime
  Default KSK lifetime changed from 1 year to 2 years
  Parameter checks in checkconfig() adapted.
  KSK random device changed back from /dev/urandom to BIND default (Be aware of some possibly long delay in key generation)
* func New configure option to set the bind utility path manually (--enable-bindutil_path)
  BIND_UTIL_PATH in config_zkt.h will no longer be used
* bug If nsec3 is turned on and KeyAlgo (or AddKeyAlgo) is RSHASHA1 or DSA, genkey() uses algorithm type NSECRSASHA1 or NSEC3DSA instead.
* bug Error in printconfigdiff() fixed. (Thanks to Holger Wirtz)
* func Description added to (some of the) dnssec.conf parameters
* func Adding a patch from Hrant Dadivanyan to always pre-publish ZSKs
* misc Config file syntax changed to parameter names without underscores.
  zkt-conf uses ZKT_VERSION string as config version
* bug "make install-man" now installs all man pages
* bug Bug fixed in zfparse.c. zkt-conf was unable to detect an already included dnskey.db file if another file was included.
* misc destination dnssec-zkt removed from Makefile.in
* func dki_prt_managedkeys() added to dki.c
  zkt_list_managedkeys() added to zkt.c
  zkt-ls has new option -M to print out a list of managed-keys
* bug Bug fixed in the config parser (zconf.c). Couldn't parse algorithm RSASHA512 correctly (Thanks to Michael Sinatra)
2012-06-16 | Remove 52 from PHP_VERSIONS_ACCEPTED. | dholland | 1 | -2/+2
2012-06-16 | pam-krb5 4.6 | pettai | 2 | -6/+6
* Add an anon_fast option that attempts anonymous authentication (generally implemented via anonymous PKINIT inside the Kerberos library) and then, if successful, uses those credentials for FAST armor. If fast_ccache and anon_fast are both specified, anonymous authentication will be used as a fallback if the specified FAST ticket cache doesn't exist. Based on patches from Yair Yarom.
* Add a user_realm option to only set the realm for unqualified user principals. This differs from the existing realm option in that realm also changes the default realm for authorization decisions and for verification of credentials. Update the realm option documentation to clarify the differences and remove incorrect information. Patch from Roland C. Dowdeswell.
* Add a no_prompt option to suppress the PAM module's prompt for the user's password and defer all prompting to the Kerberos library. This allows the Kerberos library to have complete control of the prompting process, which may be desirable if authentication mechanisms other than password are in use. Be aware that, with this option set, the PAM module has no control over the contents of the prompt and cannot store the user's password in the PAM data. Based on a patch by Yair Yarom.
* Add a silent option to force the module to behave as if the application had passed in PAM_SILENT and suppress text messages and errors from the Kerberos library. Patch from Yair Yarom.
* Add preliminary support for Kerberos trace logging via a trace option that enables trace logging if supported by the underlying Kerberos library. The option takes as an argument the file name to which to log trace output. This option does not yet work with any released version of Kerberos, but may work with the next release of MIT Kerberos.
* MIT Kerberos does not add a colon and space to its password prompts, but Heimdal does. pam-krb5 previously unconditionally added a colon and space, resulting in doubled colons with Heimdal. Work around this inconsistency by not adding the colon and space if already present.
* Fix alt_auth_map support to preserve the realm of the authentication identity when forming the alternate authentication principal, matching the documentation.
* Document that the alt_auth_map format may contain a realm to force all mapped principals to be in that realm. In that case, don't add the realm of the authentication identity. Note that this can be used as a simple way to attempt authentication in an alternate realm first and then fall back to the local realm, although any complex attempt at authentication in multiple realms should instead run the module multiple times with different realm settings.
* Avoid a NULL pointer dereference if krb5_init_context fails.
* Fix initialization of time values in the module configuration on platforms (like S/390X) where krb5_deltat is not equivalent to long.
* Close a memory leak when search_k5login is set but the user has no .k5login file.
* Close several memory leaks in alt_auth_map support.
* Suppress bogus error messages about unknown option for the realm option. The option was being parsed and honored despite the error.
* Retry authentication under try_first_pass on several other errors in addition to decrypt integrity check errors to handle a wider array of possible "password incorrect" error messages from the KDC.
* Update to rra-c-util 4.4:
* Update to C TAP Harness 1.12:
2012-06-16 | Add pam.bl3.mk. | pettai | 1 | -1/+3
2012-06-16 | +gnome-keyring-sharp | dholland | 1 | -1/+2
2012-06-16 | Import gnome-keyring-sharp from wip (with only a couple trivial adjustments) | dholland | 6 | -0/+76
so f-spot can use it.
2012-06-16 | 1.3.6 | pettai | 4 | -9/+33
* Added libpam-runtime support for debian
* Added use_first_pass and try_first_pass option, thanks to Luc Ducazu <lducazu@gmail.com>
* Changed e-mail address to jeroen@jeroennijhof.nl
* Improved accounting, added cmd attribute for command logging
* Added tac_acct_flag2str()
* Renamed tac_account_read, tac_account_send to tac_acct_read and tac_acct_send
* pam_tacplus.spec.in: fixed static library path and pam_tacplus.so location
* Debian packaging improvements
2012-06-16 | 1.12.2 (5/3/12) | pettai | 2 | -6/+6
- Bug fix release
- Rollerd's -alwayssign flag logic had a critical error that could have caused a zone to be signed with the wrong ZSK at particular points of the ZSK key rolling process.
2012-06-16 | Version 2.12 (released 2012-06-15) | pettai | 2 | -6/+6
* Only use libyubikey when --with-cr is used.
* Set correct permissions on tempfile.
* YubiKey 2.2 contains a bug in challenge-response that makes it output the same response to all challenges unless HMAC_LT64 is set. Add warnings to ykpamcfg and a warning through conversate in the pam module. Keys programmed like this should be reprogrammed with the HMAC_LT64 flag set.
2012-06-16 | Version 1.6.4 (released 2012-05-24) | pettai | 2 | -6/+6
* Implement option -ooath-id to easily set OATH token identifier.
* Fix numerous compiler warnings from clang. Thanks to Clemens Lang <neverpanic@gmail.com>.
2012-06-16 | Version 2.8 (released 2012-06-15) | pettai | 2 | -7/+7
* ykclient: Add C++ namespace protection.
* Add multi-server support with curl_multi. Enabled by default for YubiCloud servers. Settable with the new library function set_template_urls() or the urls parameter to ykclient_verify_otp_v2().
* Remove extra % in ykclient help.
* Add ca path option to ykclient, --ca. Patch from Jay Kline <jay.kline.ctr@hpcmo.hpc.mil>.
* Make the nonce unique for consecutive calls to the same ykclient handle.
* Do url encoding of OTP before sending.
* Fix segfault on curl error. Patch from Lee Hinman <lee.hinman.ctr@hpc.mil>
2012-06-16 | Version 1.9 (released 2012-05-31) | pettai | 2 | -6/+6
* Updated ld-version-script from gnulib to silence warnings.
* Fix out-of-tree builds.
2012-06-16 | Added sks | pettai | 1 | -1/+2
2012-06-16 | SKS is a new OpenPGP keyserver whose goal is to provide easy to deploy, | pettai | 8 | -0/+133
decentralized, and highly reliable synchronization. That means that a key submitted to one SKS server will quickly be distributed to all key servers, and even wildly out-of-date servers, or servers that experience spotty connectivity, can fully synchronize with rest of the system.
2012-06-16 | Remove php-mhash which is only supported by PHP 5.2. | taca | 2 | -19/+0
2012-06-16 | Remove php-mhash. | taca | 1 | -2/+1
2012-06-16 | Update to KDE SC 4.8.4 | markd | 6 | -18/+15
Bug fixes.
2012-06-16 | Restrict to PHP 5.2.x and 5.3.x since there is no PHP 5.4.x officially yet. | taca | 1 | -1/+4
2012-06-14 | Recursive PKGREVISION bump for misc/kdepimlibs4 buildlink addition. | sbd | 1 | -2/+2
2012-06-14 | Recursive PKGREVISION bump for libxml2 buildlink addition. | sbd | 27 | -49/+54
2012-06-12 | Add inet6 to default suggested options. It's 2012. | wiz | 4 | -6/+8
2012-06-09 | Changes 0.64.0: | adam | 5 | -32/+33
* authpam.c (callback_pam): Call pam_end() after an authentication attempt.
* Makefile.am: Renamed authstaticlist.h to courierauthstaticlist.h, and added it to the list of header files that 'make install' puts into includedir.
* Fix gcc 4.6 warnings
* courier.spec.in: switch to systemd.
* Fix autoconf warnings.
* courier-authlib.spec: Make rpmlint happy.
2012-06-08 | validns 0.5 | pettai | 2 | -6/+6
Parallelize signature verification (-n option)
2012-06-08 | Add readline support | fhajny | 1 | -2/+10
2012-06-06 | Fix for CVE-2012-1013 from: | tez | 3 | -5/+20
https://github.com/krb5/krb5/commit/ca2909440015d33be42e77d1955194963d8c0955
2012-06-03 | Update to 2.13: | wiz | 2 | -6/+6
* Noteworthy changes in release 2.13 (2012-05-31) [stable]
- Updated fix for DER decoding issue to not depend on specific compilers.
- Updated DER decoding check to apply to short form integers as well.
2012-06-02 | + p5-BSD-arc4random | bsiegert | 1 | -1/+2
2012-06-02 | Import BSD::arc4random from wip. From DESCR: | bsiegert | 3 | -0/+34
This module provides a Perl API for the BSDs' arc4random(3) suite of functions and adds a few high-level functions, such as the new arc4random_uniform(3). The Perl functions are ithreads-safe (only if threads::shared is required). Scalars can be tied to this package, yielding uniformly distributed random numbers with an arbitrary upper bound on read access, contributing to the RC4 entropy pool on write access. An exported global $RANDOM variable returns 15-bit unsigned random numbers, from [0; 32767], similar to mksh. Furthermore, Perl's internal PRNG is seeded with entropy obtained from the arc4random generator once on module load time.
2012-06-02 | Update ruby-net-ssh to 2.5.2. | taca | 3 | -8/+29
=== 2.5.2 / 25 May 2012
* Fix for Net::SSH::KnownHosts::SUPPORTED_TYPE [Marco Sandrini]
=== 2.5.1 / 24 May 2012
* Added missing file to manifest [Marco Sandrini]
=== 2.5.0 / 24 May 2012
* Implement many algorithms [Ryosuke Yamazaki]
  * Key Exchange
    * diffie-hellman-group14-sha1
    * ecdh-sha2-nistp{256,384,521}
  * Host Key
    * ecdsa-sha2-nistp{256,384,521}
  * Authentication
    * ecdsa-sha2-nistp{256,384,521}
  * HMAC
    * hmac-ripemd160
  * Cipher:
    * aes{128,192,256}-ctr
    * camellia{128,192,256}-ctr
    * blowfish-ctr
    * cast128-ctr
    * 3des-ctr
    * arcfour (has problems with weak keys, and should be used with caution)
    * camellia{128,192,256}-cbc
=== 2.4.0 / 17 May 2012
* Support for JRuby + Pageant + Windows [arturaz]
2012-06-01 | LIBS.SunOS+=-lsocket -lnsl | dholland | 1 | -1/+3
2012-05-31 | add & enable clusterssh | imil | 1 | -1/+2
2012-05-31 | Initial import of clusterssh, version 4.01.01, into the NetBSD Packages | imil | 4 | -0/+78
Collection. This is the Perl application bundle for ClusterSSH (a.k.a cssh), formally a GNU tools based project. ClusterSSH is a tool for making the same change on multiple servers at the same time. The 'cssh' command opens an administration console and an xterm to all specified hosts. Any text typed into the administration console is replicated to all windows. All windows may also be typed into directly. This tool is intended for (but not limited to) cluster administration where the same configuration or commands must be run on each node within the cluster. Performing these commands all at once via this tool ensures all nodes are kept in sync.
2012-05-31 | Added support for OpenSSH-lpk | imil | 4 | -7/+43
The OpenSSH LDAP Public Key patch provides an easy way of centralizing strong user authentication by using an LDAP server for retrieving public keys instead of ~/.ssh/authorized_keys.
2012-05-31 | Updating package for CPAN module Net::OpenSSH in security/p5-Net-OpenSSH | sno | 2 | -6/+6
from 0.52 to 0.57. Upstream changes: 0.57 Dec 21, 2011 - quote equal sign - do not quote commas 0.56_01 Dec 8, 2011 - rsync methods were failing when user was defined (bug report by black_fire) - detect when the destructor is being called from a different thread (bug report by troy99 at PerlMonks) - support for Net::OpenSSH::Gateway added 0.55 Dec 6, 2011 - solve regression from 0.53_03: rsync methods were broken because the hostname was not being correctly removed from the ssh command passed to rsync (bug report by Mithun Ayachit) 0.54 Dec 4, 2011 - release as stable 0.53_05 Nov 23, 2011 - scp methods were broken when a user was given (bug report by Andrew J. Slezak) - add support for verbose option in scp methods - implement parse_connections_opts - solve bug related to expansion of HOST var when an IPv6 address was given - move FACTORY docs to the right place - add FAQ about running remote commands via sudo - add sample for Net::Telnet integration - add sample for sudo usage reading password from DATA 0.53_04 Sep 2, 2011 - add default_ssh_opts feature - getpwuid may fail, check $home is defined before using it - add FAQ entry about MaxSessions limit reached - move FACTORY docs to the right place 0.53_03 Aug 18, 2011 - handling of default_std*_file was broken (bug report and patch by Nic Sandfield) - keep errors from opening default slave streams - add Net::OpenSSH::ConnectionCache package - add FACTORY hook - place '--' in ssh command after host name - add support for die_on_error - add support for batch_mode feature - typo in sample code corrected (reported by Fernando Sierra) - using { stdin_data => [] } was generating warnings 0.53_02 Jul 12, 2011 - add support for custom login handlers - remove SIG{__WARN__} localizations 0.53_01 May 15, 2011 - quoter and glob_quoter fully rewritten from scratch - quoter was not handling "\n" correctly (bug report and work around by Skeeve) - minor doc improvements
2012-05-31 | Updating package for Perl module IO::Socket::SSL from CPAN in | sno | 2 | -6/+6
security/p5-IO-Socket-SSL from 1.66 to 1.74. Upstream changes:
v1.74 2012.05.13
- accept a version of SSLv2/3 as SSLv23, because older documentation could be interpreted like this
v1.73 2012.05.11
- make test t/dhe.t hopefully work for more version of openssl Thanks to paul[AT]city-fan[DOT]org for providing bug reports and testing environment
v1.72 2012.05.10
- set DEFAULT_CIPHER_LIST to ALL:!LOW instead of HIGH:!LOW Thanks to dcostas[AT]gmail[DOT]com for problem report
v1.71 2012.05.09
- 1.70 done right. Also don't disable SSLv2 ciphers, SSLv2 support is better disabled by the default SSL_version of 'SSLv23:!SSLv2'
v1.70 2012.05.08
- make it possible to disable protocols using SSL_version, make SSL_version default to 'SSLv23:!SSLv2'
v1.69 2012.05.08
- re-added workaround in t/dhe.t
v1.68 2012.05.07
- remove SSLv2 from default cipher list, which makes failed tests after last change work again, fix behavior for empty cipher list (use default)
v1.67 2012.05.07
- https://rt.cpan.org/Ticket/Display.html?id=76929 thanks to d[DOT]thomas[AT]its[DOT]uq[DOT]edu[DOT]au for reporting
- if no explicit cipher list is given it will now default to ALL:!LOW instead of the openssl default, which usually includes weak ciphers like DES.
- new config key SSL_honor_cipher_order and documented how to use it to fight BEAST attack.
2012-05-31 | Updating package for CPAN module Net::SSLeay in security/p5-Net-SSLeay | sno | 2 | -6/+6
from 1.45 to 1.48. Upstream changes since 1.45: 1.48 2012-04-25 Removed unneeded Debian_CPANTS.txt from MANIFEST. Fixed incorrect documentation about the best way to call CTX_set_options. Fixed problem that caused Undefined subroutine utf8::encode @ t/local/33_x509_create_cert.t (on perl 5.6.2). Thanks to kmx. In examples and pod documentations, changed #!/usr/local/bin/perl to #!/usr/bin/perl. t/local/06_tcpecho.t now tries a number of ports to bind to until successful. 1.47 2012-04-04 Fixed overlong lines in pod, patch from Salvatore Bonaccorso, Debian Perl Group Fixed spelling errors in pod, patch from Salvatore Bonaccorso, Debian Perl Group Fixed extra "garbage" files in 1.46 tarball. Patch from kmx. Fixed incorrect fail reports on some 64 bit platforms. Patch from paul. Fix to avoid FAIL reports from cpantesters with missing openssl Use my_snprintf from ppport.h to prevent link failures with perl 5.8 and earlier when compiled with MSVC. 1.46 2012-04-03 Fixed a problem reported by Atoomic: When bootstrapping Net::SSleay ( with DynaLoader ) if you override the SIG{DIE} signal, using Net::SSLeay will result in an error. Recreated META.yml, added META.yml to dist Fixed typo: the word "corresponding" was mis-spelled as "coresponding" throughout the POD. Patched by kmx. 
Updated META.yml to include repository and bugtracker Constants cleanup - removing non existing constants (perhaps from pre-0.9.6 era) - kmx Automatic constants.c generation via helper_script/regen_openssl_constants.pl - kmx Future changes in constants now under better control via t/local/21_constants.t - kmx Added missing new files Reordering @EXPORT_OK (constants first, functions next) - kmx Adding missing 51 constants to @EXPORT_OK + test to keep it in sync - kmx Instructions "howto add new constant" added to helper_script/regen_openssl_constants.pl - kmx NEWLY INTRODUCED CONSTANTS: - Net::SSLeay::ASN1_STRFLGS_ESC_CTRL - Net::SSLeay::ASN1_STRFLGS_ESC_MSB - Net::SSLeay::ASN1_STRFLGS_ESC_QUOTE - Net::SSLeay::ASN1_STRFLGS_RFC2253 - Net::SSLeay::ERROR_WANT_ACCEPT - Net::SSLeay::EVP_PKS_DSA - Net::SSLeay::EVP_PKS_EC - Net::SSLeay::EVP_PKS_RSA - Net::SSLeay::EVP_PKT_ENC - Net::SSLeay::EVP_PKT_EXCH - Net::SSLeay::EVP_PKT_EXP - Net::SSLeay::EVP_PKT_SIGN - Net::SSLeay::EVP_PK_DH - Net::SSLeay::EVP_PK_DSA - Net::SSLeay::EVP_PK_EC - Net::SSLeay::EVP_PK_RSA - Net::SSLeay::MBSTRING_ASC - Net::SSLeay::MBSTRING_BMP - Net::SSLeay::MBSTRING_FLAG - Net::SSLeay::MBSTRING_UNIV - Net::SSLeay::MBSTRING_UTF8 - Net::SSLeay::OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION - Net::SSLeay::OP_CISCO_ANYCONNECT - Net::SSLeay::OP_CRYPTOPRO_TLSEXT_BUG - Net::SSLeay::OP_LEGACY_SERVER_CONNECT - Net::SSLeay::OP_NO_TLSv1_1 - Net::SSLeay::OP_NO_TLSv1_2 - Net::SSLeay::OP_SINGLE_ECDH_USE - Net::SSLeay::OP_TLS_BLOCK_PADDING_BUG - Net::SSLeay::X509_V_FLAG_CHECK_SS_SIGNATURE - Net::SSLeay::X509_V_FLAG_EXTENDED_CRL_SUPPORT - Net::SSLeay::X509_V_FLAG_POLICY_MASK - Net::SSLeay::X509_V_FLAG_USE_DELTAS - Net::SSLeay::X509_V_OK - Net::SSLeay::XN_FLAG_COMPAT - Net::SSLeay::XN_FLAG_DN_REV - Net::SSLeay::XN_FLAG_DUMP_UNKNOWN_FIELDS - Net::SSLeay::XN_FLAG_FN_ALIGN - Net::SSLeay::XN_FLAG_FN_LN - Net::SSLeay::XN_FLAG_FN_MASK - Net::SSLeay::XN_FLAG_FN_NONE - Net::SSLeay::XN_FLAG_FN_OID - Net::SSLeay::XN_FLAG_FN_SN - 
Net::SSLeay::XN_FLAG_MULTILINE - Net::SSLeay::XN_FLAG_ONELINE - Net::SSLeay::XN_FLAG_RFC2253 - Net::SSLeay::XN_FLAG_SEP_COMMA_PLUS - Net::SSLeay::XN_FLAG_SEP_CPLUS_SPC - Net::SSLeay::XN_FLAG_SEP_MASK - Net::SSLeay::XN_FLAG_SEP_MULTILINE - Net::SSLeay::XN_FLAG_SEP_SPLUS_SPC - Net::SSLeay::XN_FLAG_SPC_EQ A number of tests were present in svn, but missing from MANIFEST, and were therefore not included in the dist. Added. NEWLY INTRODUCED FUNCTIONS: - Net::SSLeay::ASN1_INTEGER_free - Net::SSLeay::ASN1_INTEGER_get - Net::SSLeay::ASN1_INTEGER_new - Net::SSLeay::ASN1_INTEGER_set - Net::SSLeay::EVP_PKEY_assign_RSA - Net::SSLeay::EVP_PKEY_bits - Net::SSLeay::EVP_PKEY_free - Net::SSLeay::EVP_PKEY_new - Net::SSLeay::EVP_PKEY_size - Net::SSLeay::EVP_get_cipherbyname - Net::SSLeay::OPENSSL_add_all_algorithms_conf - Net::SSLeay::OPENSSL_add_all_algorithms_noconf - Net::SSLeay::OpenSSL_add_all_algorithms - Net::SSLeay::PEM_get_string_PrivateKey - Net::SSLeay::PEM_get_string_X509_CRL - Net::SSLeay::PEM_get_string_X509_REQ - Net::SSLeay::PEM_read_bio_PrivateKey - Net::SSLeay::PEM_read_bio_X509 - Net::SSLeay::PEM_read_bio_X509_REQ - Net::SSLeay::P_ASN1_INTEGER_get_dec - Net::SSLeay::P_ASN1_INTEGER_get_hex - Net::SSLeay::P_ASN1_INTEGER_set_dec - Net::SSLeay::P_ASN1_INTEGER_set_hex - Net::SSLeay::P_ASN1_STRING_get - Net::SSLeay::P_X509_CRL_add_revoked_serial_hex - Net::SSLeay::P_X509_CRL_get_serial - Net::SSLeay::P_X509_CRL_set_serial - Net::SSLeay::P_X509_REQ_add_extensions - Net::SSLeay::P_X509_REQ_get_attr - Net::SSLeay::P_X509_add_extensions - Net::SSLeay::P_X509_copy_extensions - Net::SSLeay::P_X509_get_crl_distribution_points - Net::SSLeay::P_X509_get_ext_key_usage - Net::SSLeay::P_X509_get_key_usage - Net::SSLeay::P_X509_get_netscape_cert_type - Net::SSLeay::P_X509_get_pubkey_alg - Net::SSLeay::P_X509_get_signature_alg - Net::SSLeay::P_PKCS12_load_file - Net::SSLeay::X509V3_EXT_print - Net::SSLeay::X509_CRL_digest - Net::SSLeay::X509_CRL_free - Net::SSLeay::X509_CRL_get_issuer 
- Net::SSLeay::X509_CRL_get_lastUpdate - Net::SSLeay::X509_CRL_get_nextUpdate - Net::SSLeay::X509_CRL_get_version - Net::SSLeay::X509_CRL_new - Net::SSLeay::X509_CRL_set_issuer_name - Net::SSLeay::X509_CRL_set_lastUpdate - Net::SSLeay::X509_CRL_set_nextUpdate - Net::SSLeay::X509_CRL_set_version - Net::SSLeay::X509_CRL_sign - Net::SSLeay::X509_CRL_sort - Net::SSLeay::X509_CRL_verify - Net::SSLeay::X509_EXTENSION_get_critical - Net::SSLeay::X509_EXTENSION_get_data - Net::SSLeay::X509_EXTENSION_get_object - Net::SSLeay::X509_NAME_ENTRY_get_data - Net::SSLeay::X509_NAME_ENTRY_get_object - Net::SSLeay::X509_NAME_add_entry_by_NID - Net::SSLeay::X509_NAME_add_entry_by_OBJ - Net::SSLeay::X509_NAME_add_entry_by_txt - Net::SSLeay::X509_NAME_cmp - Net::SSLeay::X509_NAME_digest - Net::SSLeay::X509_NAME_entry_count - Net::SSLeay::X509_NAME_get_entry - Net::SSLeay::X509_NAME_print_ex - Net::SSLeay::X509_REQ_add1_attr_by_NID - Net::SSLeay::X509_REQ_digest - Net::SSLeay::X509_REQ_free - Net::SSLeay::X509_REQ_get_attr_by_NID - Net::SSLeay::X509_REQ_get_attr_by_OBJ - Net::SSLeay::X509_REQ_get_attr_count - Net::SSLeay::X509_REQ_get_pubkey - Net::SSLeay::X509_REQ_get_subject_name - Net::SSLeay::X509_REQ_get_version - Net::SSLeay::X509_REQ_new - Net::SSLeay::X509_REQ_set_pubkey - Net::SSLeay::X509_REQ_set_subject_name - Net::SSLeay::X509_REQ_set_version - Net::SSLeay::X509_REQ_sign - Net::SSLeay::X509_REQ_verify - Net::SSLeay::X509_certificate_type - Net::SSLeay::X509_digest - Net::SSLeay::X509_get_ext_count - Net::SSLeay::X509_get_pubkey - Net::SSLeay::X509_get_serialNumber - Net::SSLeay::X509_get_version - Net::SSLeay::X509_issuer_and_serial_hash - Net::SSLeay::X509_issuer_name_hash - Net::SSLeay::X509_new - Net::SSLeay::X509_pubkey_digest - Net::SSLeay::X509_set_issuer_name - Net::SSLeay::X509_set_pubkey - Net::SSLeay::X509_set_serialNumber - Net::SSLeay::X509_set_subject_name - Net::SSLeay::X509_set_version - Net::SSLeay::X509_sign - Net::SSLeay::X509_subject_name_hash - 
Net::SSLeay::X509_verify - Net::SSLeay::d2i_X509_CRL_bio - Net::SSLeay::d2i_X509_REQ_bio - Net::SSLeay::d2i_X509_bio - Net::SSLeay::set_tlsext_host_name - Net::SSLeay::CTX_set_next_protos_advertised_cb - Net::SSLeay::CTX_set_next_proto_select_cb - Net::SSLeay::P_next_proto_negotiated - Net::SSLeay::P_next_proto_last_status Fixed a problem with multiple Safefree of GLOBAL_openssl_mutex when run under apache2+mod_perl on recent Debain distros. Removed END and openssl_threads_cleanup() since they can be called during thread destruction, and not necessarily at process exit time. Added missing helper_script/regen_openssl_constants.pl to MANIFEST. Add MANIFEST to svn. Fixed reported errors about try to plan twice in 21_constants.t on some platforms. Removed MANIFEST from svn, improve possibility to use Module::Install in Net-SSleay distribution in usual way. new target for make manifest Fix 2 issues with CTX_use_PKCS12_file 1/ leaking memory - missing EVP_PKEY_free + X509_free 2/ pkcs12 filesize limitation Fixed problems with regenerating scripts in Makefile.PL Added missing dependencies for SSLeay.o to Makefile.PL Added missing test files to svn Fixed calling convention for Net::SSLeay::get_shared_ciphers + test + doc update Added coding guidelines to SSLeay.xs Fix for serial number issue. Major patch to refactor callback code to make it more extensible and remove duplicate code. Thanks to kmx. Fixed a problem in t/local/07_sslecho.t when running on openssl-0.9.6 Fixed pod parsing errors reported by Olivier Mengué Better prevention of leaking SVs in the new callback stuff Debug messages in SSLeay.xs can be enabled by: perl Makefile.PL DEFINE=-DSHOW_XS_DEBUG Fixing X509_NAME_oneline (calling OPENSSL_free at the right place) Fixed a problem with crashing when run under apache2+modssl+modperl on Debian Wheezy. Now detects if it is running under ModPerl and uses ModSSLs thread locking instead. Added more debg printing. 
Enable with perl Makefile.PL DEFINE=-DSHOW_XS_DEBUG Added NPN support, thanks to kmx Added t/local/40_npn_support.t tests for new NPN support Fixed some compiler warnings. Courtesy kmx. Fixed a problem with Win32 detection. Courtesy kmx.
2012-05-31 | Updating package for CPAN module Digest::MD5::File in | sno | 2 | -8/+7
security/p5-Digest-MD5-File from 0.07nb3 to 0.08.
pkgsrc changes:
- Digest::MD5 distributed with Perl5 core satisfies dependency, CPAN module is not required
Upstream changes:
0.08 Fri Apr 6 19:39:52 2012
- Address rt 76174 (accept a filename that ends with a space)
- Address rt 44106 (Documentation issue)
- Address rt 39898 (Inconsistent results from adddir)
2012-05-31 | Updating package for CPAN module Digest::CRC in security/p5-Digest-CRC | sno | 2 | -6/+6
from 0.17 to 0.18. Upstream changes:
0.18 Sat Nov 12 23:09:05 2011
- added convenience wrappers for 'cont', #70672
- fixed few issues in xs code, #70674
- added openpgparmor support, #72387
2012-05-30 | Changes 1.8.0: | adam | 3 | -8/+9
This is a new major stable release. Brief changes compared to 1.6.x:
* SAML20 support following RFC 6595.
* OPENID20 support following RFC 6616.
* Added SMTP server examples (for e.g., SCRAM, SAML20, OPENID20).
* Various cleanups, portability and other bug fixes.
See the NEWS entries during the 1.7.x branch for details.
2012-05-30 | Changes 2.12.19: | adam | 2 | -6/+6
* libgnutls: When decoding a PKCS #11 URL the pin-source field is assumed to be a file that stores the pin.
* libgnutls: Added strict tests in Diffie-Hellman and SRP key exchange public keys.
* minitasn1: Upgraded to libtasn1 version 2.13 (pre-release).
2012-05-25 | Update to 2.6: | wiz | 3 | -21/+48
2.6
===
* [CVE-2012-2417] Fix LP#985164: insecure ElGamal key generation. (thanks: Legrandin)
  In the ElGamal schemes (for both encryption and signatures), g is supposed to be the generator of the entire Z^*_p group. However, in PyCrypto 2.5 and earlier, g is more simply the generator of a random sub-group of Z^*_p.
  The result is that the signature space (when the key is used for signing) or the public key space (when the key is used for encryption) may be greatly reduced from its expected size of log(p) bits, possibly down to 1 bit (the worst case if the order of g is 2).
  While it has not been confirmed, it has also been suggested that an attacker might be able to use this fact to determine the private key.
  Anyone using ElGamal keys should generate new keys as soon as practical.
  Any additional information about this bug will be tracked at https://bugs.launchpad.net/pycrypto/+bug/985164
* Huge documentation cleanup (thanks: Legrandin).
* Added more tests, including test vectors from NIST 800-38A (thanks: Legrandin)
* Remove broken MODE_PGP, which never actually worked properly. A new mode, MODE_OPENPGP, has been added for people wishing to write OpenPGP implementations. Note that this does not implement the full OpenPGP specification, only the "OpenPGP CFB mode" part of that specification. https://bugs.launchpad.net/pycrypto/+bug/996814
* Fix: getPrime with invalid input causes Python to abort with fatal error https://bugs.launchpad.net/pycrypto/+bug/988431
* Fix: Segfaults within error-handling paths (thanks: Paul Howarth & Dave Malcolm) https://bugs.launchpad.net/pycrypto/+bug/934294
* Fix: Block ciphers allow empty string as IV https://bugs.launchpad.net/pycrypto/+bug/997464
* Fix DevURandomRNG to work with Python3's new I/O stack. (thanks: Sebastian Ramacher)
* Remove automagic dependencies on libgmp and libmpir, let the caller disable them using args.
* Many other minor bug fixes and improvements (mostly thanks to Legrandin)
2012-05-23 | OpenDNSSEC 1.3.8 | pettai | 3 | -15/+12
* OPENDNSSEC-228: Signer Engine: Make 'ods-signer update' reload signconfs even if zonelist has not changed.
* OPENDNSSEC-231: Signer Engine: Allow for Classless IN-ADDR.ARPA names (RFC 2317).
* OPENDNSSEC-234: Enforcer: Add indexes for foreign keys in kasp DB. (sqlite only, MySQL already has them.)
* OPENDNSSEC-246: Signer Engine: Warn if <Audit/> is in signer configuration, but ods-auditor is not installed
* OPENDNSSEC-249: Enforcer: ods-ksmutil: If key export finds nothing to do then say so rather than display nothing which might be misinterpreted.
Bugfixes:
* OPENDNSSEC-247: Signer Engine: TTL on NSEC(3) was not updated on SOA Minimum change.
* OPENDNSSEC-253: Enforcer: Fix "ods-ksmutil zone delete --all"
2012-05-23 | SoftHSM 1.3.3 | pettai | 3 | -14/+13
* Increased performance by adding more indexes to the database.
* Describe the usage of SO and user PIN in the README.
Bugfixes:
* Detect if a C++ compiler is missing.