path: root/security
Age | Commit message | Author | Files | Lines
2014-06-05 | Pullup ticket #4431 - requested by wiz | tron | 32 | -474/+79
security/openssl: security update Revisions pulled up: - security/openssl/Makefile 1.193 - security/openssl/builtin.mk 1.42 - security/openssl/distinfo 1.106-1.107 - security/openssl/patches/patch-Configure 1.2 - security/openssl/patches/patch-Makefile.org 1.2 - security/openssl/patches/patch-Makefile.shared 1.2 - security/openssl/patches/patch-apps_Makefile 1.2 - security/openssl/patches/patch-config 1.2 - security/openssl/patches/patch-crypto_bn_bn__prime.pl 1.2 - security/openssl/patches/patch-crypto_des_Makefile 1.1 - security/openssl/patches/patch-crypto_dso_dso__dlfcn.c 1.2 - security/openssl/patches/patch-doc_apps_cms.pod deleted - security/openssl/patches/patch-doc_apps_smine.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__COMP__add__compression__method.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__add__session.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__load__verify__locations.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__set__session__id__context.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__set__ssl__version.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__accept.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__clear.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__connect.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__read.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__session__reused.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__set__fd.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__set__session.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod deleted - security/openssl/patches/patch-doc_ssl_SSL__write.pod deleted - 
security/openssl/patches/patch-engines_ccgost_Makefile 1.2 - security/openssl/patches/patch-tools_Makefile 1.2 --- Module Name: pkgsrc Committed By: rodent Date: Tue May 13 02:23:11 UTC 2014 Modified Files: pkgsrc/security/openssl: distinfo pkgsrc/security/openssl/patches: patch-Configure patch-Makefile.org patch-Makefile.shared patch-apps_Makefile patch-config patch-crypto_bn_bn__prime.pl patch-crypto_dso_dso__dlfcn.c patch-doc_apps_cms.pod patch-doc_apps_smine.pod patch-doc_ssl_SSL__COMP__add__compression__method.pod patch-doc_ssl_SSL__CTX__add__session.pod patch-doc_ssl_SSL__CTX__load__verify__locations.pod patch-doc_ssl_SSL__CTX__set__client__CA__list.pod patch-doc_ssl_SSL__CTX__set__session__id__context.pod patch-doc_ssl_SSL__CTX__set__ssl__version.pod patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod patch-doc_ssl_SSL__accept.pod patch-doc_ssl_SSL__clear.pod patch-doc_ssl_SSL__connect.pod patch-doc_ssl_SSL__do__handshake.pod patch-doc_ssl_SSL__read.pod patch-doc_ssl_SSL__session__reused.pod patch-doc_ssl_SSL__set__fd.pod patch-doc_ssl_SSL__set__session.pod patch-doc_ssl_SSL__shutdown.pod patch-doc_ssl_SSL__write.pod patch-engines_ccgost_Makefile patch-tools_Makefile Added Files: pkgsrc/security/openssl/patches: patch-crypto_des_Makefile Log Message: Fix build on OpenBSD/sparc64. Defuzz patches (sorry if this is annoying). 
--- Module Name: pkgsrc Committed By: wiz Date: Thu Jun 5 12:16:06 UTC 2014 Modified Files: pkgsrc/security/openssl: Makefile builtin.mk distinfo Removed Files: pkgsrc/security/openssl/patches: patch-doc_apps_cms.pod patch-doc_apps_smine.pod patch-doc_ssl_SSL__COMP__add__compression__method.pod patch-doc_ssl_SSL__CTX__add__session.pod patch-doc_ssl_SSL__CTX__load__verify__locations.pod patch-doc_ssl_SSL__CTX__set__client__CA__list.pod patch-doc_ssl_SSL__CTX__set__session__id__context.pod patch-doc_ssl_SSL__CTX__set__ssl__version.pod patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod patch-doc_ssl_SSL__accept.pod patch-doc_ssl_SSL__clear.pod patch-doc_ssl_SSL__connect.pod patch-doc_ssl_SSL__do__handshake.pod patch-doc_ssl_SSL__read.pod patch-doc_ssl_SSL__session__reused.pod patch-doc_ssl_SSL__set__fd.pod patch-doc_ssl_SSL__set__session.pod patch-doc_ssl_SSL__shutdown.pod patch-doc_ssl_SSL__write.pod Log Message: Update to 1.0.1h: Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] o Fix for CVE-2014-0224 o Fix for CVE-2014-0221 o Fix for CVE-2014-0195 o Fix for CVE-2014-3470 o Fix for CVE-2010-5298
2014-06-04 | Pullup ticket #4430 - requested by tron | schnoebe | 2 | -6/+6
security/gnutls: security update Revisions pulled up: - security/gnutls/Makefile 1.146 - security/gnutls/distinfo 1.106 --- Module Name: pkgsrc Committed By: wiz Date: Fri May 30 13:20:23 UTC 2014 Modified Files: pkgsrc/security/gnutls: Makefile distinfo Log Message: Update to 3.2.15: * Version 3.2.15 (released 2014-05-30) ** libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. ** libgnutls: Several memory leaks caused by error conditions were fixed. The leaks were identified using valgrind and the Codenomicon TLS test suite. ** libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem. ** libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni. ** gnutls-cli: if dane is requested but not PKIX verification, then only do verify the end certificate. ** ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. ** API and ABI modifications: No changes since last version. * Version 3.2.14 (released 2014-05-06) ** libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio. ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided. ** libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided. ** libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite. ** libgnutls: Several small bug fixes found by coverity. ** libgnutls-dane: Accept a certificate using DANE if there is at least one entry that matches the certificate. Patch by simon [at] arlott.org. 
** configure: Added --with-nettle-mini option, which allows linking with a libnettle that contains gmp. ** certtool: The ECDSA keys generated by default use the SECP256R1 curve which is supported more widely than the previously used SECP224R1. ** API and ABI modifications: No changes since last version. * Version 3.2.13 (released 2014-04-07) ** libgnutls: gnutls_openpgp_keyring_import will no longer fail silently if there are no base64 data. Report and patch by Ramkumar Chinchani. ** libgnutls: gnutls_record_send is now safe to be called under DTLS when in corked mode. ** libgnutls: Ciphersuites that use the SHA256 or SHA384 MACs are only available in TLS 1.0 as SSL 3.0 doesn't specify parameters for these algorithms. ** libgnutls: Changed the behaviour in wildcard acceptance in certificates. Wildcards are only accepted when there are more than two domain components after the wildcard. This drops support for the permissive RFC2818 wildcards and adds more conservative support based on the suggestions in RFC6125. Suggested by Jeffrey Walton. ** certtool: When no password is provided to export a PKCS #8 keys, do not encrypt by default. This reverts to the certtool behavior of gnutls 3.0. The previous behavior of encrypting using an empty password can be replicating using the new parameter --empty-password. ** p11tool: Avoid dual initialization of the PKCS #11 subsystem when the --provider option is given. ** API and ABI modifications: No changes since last version.
2014-04-09 | Pullup ticket #4359 - requested by obache | tron | 1 | -4/+1
security/openssl: build fix Revisions pulled up: - security/openssl/distinfo 1.105 --- Module Name: pkgsrc Committed By: obache Date: Tue Apr 8 23:58:03 UTC 2014 Modified Files: pkgsrc/security/openssl: distinfo Log Message: removed obsolete patch entries.
2014-04-08 | Pullup ticket #4359 - requested by obache | tron | 9 | -21/+34
security/openssl: security update Revisions pulled up: - security/openssl/Makefile 1.186-1.188 - security/openssl/distinfo 1.103-1.104 - security/openssl/patches/patch-Configure 1.1 - security/openssl/patches/patch-Makefile.org 1.1 - security/openssl/patches/patch-Makefile.shared 1.1 - security/openssl/patches/patch-aa deleted - security/openssl/patches/patch-ac deleted - security/openssl/patches/patch-ad deleted - security/openssl/patches/patch-ae deleted - security/openssl/patches/patch-af deleted - security/openssl/patches/patch-ag deleted - security/openssl/patches/patch-ak deleted - security/openssl/patches/patch-apps_Makefile 1.1 - security/openssl/patches/patch-config 1.1 - security/openssl/patches/patch-crypto_bn_bn__prime.pl 1.1 - security/openssl/patches/patch-tools_Makefile 1.1 --- Module Name: pkgsrc Committed By: he Date: Wed Apr 2 12:11:35 UTC 2014 Modified Files: pkgsrc/security/openssl: Makefile distinfo Added Files: pkgsrc/security/openssl/patches: patch-Configure patch-Makefile.org patch-Makefile.shared patch-apps_Makefile patch-config patch-crypto_bn_bn.h patch-crypto_bn_bn__lib.c patch-crypto_bn_bn__prime.pl patch-crypto_ec_ec2__mult.c patch-tools_Makefile Removed Files: pkgsrc/security/openssl/patches: patch-aa patch-ac patch-ad patch-ae patch-af patch-ag patch-ak Log Message: Rename all remaining patch-?? files using the newer naming convention. Add a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. Fix from culled from http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29 Bump PKGREVISION. 
--- Module Name: pkgsrc Committed By: obache Date: Tue Apr 8 02:48:38 UTC 2014 Modified Files: pkgsrc/security/openssl: Makefile Log Message: p5-Perl4-CoreLibs is not required for perl<5.16 --- Module Name: pkgsrc Committed By: obache Date: Tue Apr 8 06:20:44 UTC 2014 Modified Files: pkgsrc/security/openssl: Makefile distinfo Removed Files: pkgsrc/security/openssl/patches: patch-crypto_bn_bn.h patch-crypto_bn_bn__lib.c patch-crypto_ec_ec2__mult.c Log Message: Update openssl to 1.0.1g. (CVE-2014-0076 is already fixed in pkgsrc). OpenSSL CHANGES _______________ Changes between 1.0.1f and 1.0.1g [7 Apr 2014] *) A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix (CVE-2014-0160) [Adam Langley, Bodo Moeller] *) Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) [Yuval Yarom and Naomi Benger] *) TLS pad extension: draft-agl-tls-padding-03 Workaround for the "TLS hang bug" (see FAQ and opensslPR#2771): if the TLS client Hello record length value would otherwise be > 255 and less that 512 pad with a dummy extension containing zeroes so it is at least 512 bytes long. [Adam Langley, Steve Henson]
2014-03-29 | Always add pam in PLIST_VARS. | taca | 1 | -2/+3
2014-03-29 | Update openssh to 6.6.1 (OpenSSH 6.6p1). | taca | 21 | -137/+119
pkgsrc change * Use PLIST_VARS. * Update hpn-patch based on openssh-6.5p1-hpnssh14v4.diff.gz. Fixes security problem (SA57488). For full changes, please refer below release notes. http://www.openssh.com/txt/release-6.5 http://www.openssh.com/txt/release-6.6
2014-03-27 | OpenDNSSEC 1.4.4: | pettai | 2 | -7/+6
* SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public key directly if SkipPublicKey is used [OPENDNSSEC-574]. * OPENDNSSEC-358: ods-ksmutil:Extend 'key list' command with options to filter on key type and state. This allows keys in the GENERATE and DEAD state to be output. * OPENDNSSEC-457: ods-ksmutil: Add a check on the 'zone add' input/output type parameter to allow only File or DNS. * OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals derived from unsigned delegations (be compatible with servers that are incompatible with RFC 5155 errata 3441). * Make/build: Include README.md in dist tar-ball. Bugfixes: * SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512]. * SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired [OPENDNSSEC-526]. * SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug [OPENDNSSEC-529]. * SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/ * SUPPORT-108: Signer Engine: Don't replace tabs in RRs with whitespace [OPENDNSSEC-520]. * SUPPORT-116: ods-ksmutil: 'key import' date validation fails on certain dates [OPENDNSSEC-553]. * SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576]. * SUPPORT-127: ods-signer: Fix manpage sections. * OPENDNSSEC-481: libhsm: Fix an off-by-one length check error. * OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects. * OPENDNSSEC-531: ods-ksmutil: Exported value of <Parent><SOA><TTL> in 'policy export' output could be wrong on MySQL. * OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id. * OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR request with EDNS. * OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation and alloctaion. * OPENDNSSEC-560: Signer Engine: Don't crash when unsigned zone has no SOA. * Signer Engine: Fix a race condition when stopping daemon.
2014-03-26 | Fix SMF manifests that were not populated properly. | fhajny | 1 | -21/+21
2014-03-26 | Fix HOMEPAGE. | wiz | 1 | -2/+2
2014-03-26 | No libdl on FreeBSD. | asau | 2 | -4/+4
2014-03-22 | The MirBSD stanza was wrong. Moved it below the builtin.mk inclusion and | bsiegert | 1 | -10/+10
made the conditional more robust. Fixes at least "make describe", let's see if it helps for the bulk build.
2014-03-22 | Revert previous, the PKGNAME is ${PYPKGPREFIX}-test nowadays. | wiz | 1 | -2/+2
2014-03-21 | Fix dependency pattern. | gdt | 1 | -2/+2
2014-03-21 | Fix use with python-2.x. | wiz | 3 | -3/+25
Add test target and most of the needed dependencies. (Two more packages ready, will be added after the freeze.) Bump PKGREVISION.
2014-03-21 | Fixes linkage on NetBSD up to the version that has openssl fixed | wiz | 2 | -1/+50
to include d1_meth.c. Based on upstream patch from https://gist.github.com/reaperhulk/5e4d3d30ac1598473206
2014-03-21 | Define modulenames for cffi modules. | wiz | 6 | -22/+52
Fix PLIST issues on different compilers.
2014-03-21 | Depends on six itself as well. | wiz | 1 | -2/+3
Thanks, gdt.
2014-03-21 | Depend on py-cryptography instead of py-six (a py-cryptography dependency, | wiz | 1 | -2/+2
pulled in during an attempt to autobuild it because it was missing). Ride PKGREVISION bump from a few minutes ago.
2014-03-21 | + py-cryptography | wiz | 1 | -1/+2
2014-03-21 | Import py27-cryptography-0.2.2 as security/py-cryptography. | wiz | 4 | -0/+249
cryptography is a package designed to expose cryptographic recipes and primitives to Python developers. Our goal is for it to be your "cryptographic standard library". cryptography includes both high level recipes, and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests and key derivation functions. Committed during the freeze since py-OpenSSL needs it.
2014-03-21 | Depend on py-six. | gdt | 1 | -1/+4
py-OpenSSL 0.14 started depending on six, but this package didn't, so "import OpenSSL" failed. Confusingly, this led to build failures in tahoe-lafs because somehow setuptools determined six was needed and tried to download it. After this commit, "make test" in py-OpenSSL still fails; it tries to download "cryptography" and "cffi".
2014-03-19 | Only build hcrypto on MirBSD if using the builtin OpenSSL. Fixes build | bsiegert | 1 | -1/+3
now that we have OpenSSL from pkgsrc.
2014-03-17 | Stop forcing pcsc-lite's library to be the libtool version. | gdt | 2 | -3/+6
opensc upstream has removed the use of ltdl. Thus, it is no longer reasonable to expect it to be able to dlopen a .la file. So pass the .so, not the .la, to configure, when using the pcsc-lite (default) option. Resolves a failure of pkcs15-init to load modules.
2014-03-17 | Drop libusb1 from pcsc-lite's bl3. | gdt | 2 | -3/+3
sbin/pcscd is linked with libusb1, but the installed libraries and headers do not reference libusb at all. Not including libusb1 avoids having pcsc-lite's bl3 pull in pthreads to depending packages.
2014-03-17 | Use RUBY_SUFFIX instead of RUBY_VER. | taca | 1 | -2/+2
2014-03-14 | Use the xauth builtin.mk to find the location on the target system. | agc | 1 | -8/+4
Just use the security/libtomcrypt/buildlink3.mk now the BUILDLINK_API_DEPENDS has been updated.
2014-03-14 | Only 1 package in the tree uses a buildlink dependency on libtomcrypt | agc | 1 | -2/+2
(security/dropbear), so bump the BUILDLINK_API_DEPENDS to reflect the current value of the package.
2014-03-14 | Update to 0.13.0, based on wip/opensc (which is a post 0.13.0 git | gdt | 13 | -69/+144
snapshot) by Richard Hansen of BBN. Mostly the update is straightforward, with a bit more effort to avoid pthreads. (Threads are not ok because pam modules dlopen opensc, and pam modules are used from nonthreaded programs.) New in 0.13.0; 2012-12-04 * New card driver ePass2003. * OpenPGP card: greatly improved card driver and PKCS#15 emulation; implemented write (pkcs15init) mode; greatly enhanced documentation and tools. * ECDSA keys supported in 'read' and 'write' modes by internal PKCS#15 library, PKCS#11 and tools. * Minidriver in 'write' mode. * SM: secure messaging in GlobalPlatform-SP01 and CW14890 specifications; supported by ePass2003, IAS/ECC and AuthentIC cards; "ACL" and "APDU" modes to trigger secure messaging session; 'local' version of the external secure messaging module. * PKCS#15: support of 'secret-key' PKCS#15 objects support of 'authentication-object' PKCS#15 objects support of 'algReference' common key PKCS#15 attribute support of 'algReference' common key PKCS#15 attribute support of 'subjectName' common public key PKCS#15 attribute * PKCS#11: removed 'onepin' version of pkcs#11 module configuration options to expose slots for PINs and present on-card applications. support GOSTR3410 generate key mechanism * Support of PACE reader. * Remove libltdl reference. * ECDSA supported by MyEID card * New card driver for the SmartCard-HSM, a light-weight hardware security module * New useful commands in 'opensc-explorer' tool: 'find', 'put-data', ... * fixed SIGV issue due to the unsupported public key format * fixes for the number of documentation issues
2014-03-14 | Add and enable ruby-sshkit. | taca | 1 | -1/+2
2014-03-14 | Add ruby-sshkit package version 1.3.0. | taca | 4 | -0/+89
A comprehensive toolkit for remotely running commands in a structured manner on groups of servers.
2014-03-14 | Update ruby-shadowt to 2.3.3. | taca | 5 | -350/+28
[2013/12/18] * Version 2.3.2 Fix up compilation issues causing problems with a non-GNU make. [2013/11/13] * Version 2.3.1 - Caleb Land<caleb.land@gmail.com> Remove sgetspent on implementations using pwd.h [2013/11/13] * Version 2.3.0 - Caleb Land<caleb.land@gmail.com> Merge OS X work into main gem. Fix bugs with OS X implementation and tweak support for FreeBSD. See https://github.com/caleb/ruby-shadow/commit/20d98b7d9e3bbbef0b737affd3245590096a316c - Add license file to Manifest.
2014-03-14 | Update ruby-net-ssh to 2.8.0. | taca | 3 | -7/+11
=== 2.8.0 / 01 Feb 2014 * Handle ssh-rsa and ssh-dss certificate files [bobveznat] * Correctly interpret /etc/ssh_config Authentication settings based on openssh /etc/ssh_config system defaults [therealjessesanford, liggitt] * Fixed pageant support for Windows [jarredholman] * Support %r in ProxyCommand configuration in ssh_config files as defined in OpenSSH [yugui] * Don't use ssh-agent if :keys_only is true [SFEley] * Fix the bug in keys with comments [bobtfish] * Add a failing tests for options in pub keys [bobtfish] * Assert that the return value from ssh block is returned [carlhoerberg] * Don't close the connection it's already closed [carlhoerberg] * Ensure the connection closes even on exception [carlhoerberg] * Make the authentication error message more useful [deric] * Fix "ConnectionError" typo in lib/net/ssh/proxy/socks5.rb [mirakui] * Allow KeyManager to recover from incompatible agents [ecki, delano] * Fix for "Authentication Method determination can pick up a class from the root namespace" [dave.sieh]
2014-03-14 | Update ruby-bcrypt to 3.1.7. | taca | 3 | -9/+10
3.1.3 Feb 21 2014 - Add support for Ruby 2.1 in compiled Windows binaries - Rename gem from "bcrypt-ruby" to just "bcrypt". [GH #86 by @sferik] 3.1.6 Feb 21 2014 - Dummy version of "bcrypt-ruby" needed a couple version bumps to fix some bugs. It felt wrong to have that at a higher version than the real gem, so the real gem is getting bumped to 3.1.6. 3.1.7 Feb 24 2014 - Rebuild corrupt Java binary version of gem [GH #90] - The 2.1 support for Windows binaries alleged in 3.1.3 was a lie -- documentation removed
2014-03-14 | Drop inclusion of mk/pthread.buildlink3.mk from libgcrypt bl3. | gdt | 1 | -2/+1
libgcrypt installs a library and 3 binaries, none of which are linked against pthreads (on NetBSD 6). It installs one .h, which also does not reference pthreads. However, it contains a comment that thread callbacks were removed from libgcrypt as of 1.6. I rebuilt dirmngr, glib-networking, gnupg2, libgnome-keyring, libksba, libotr, libxslt, and pidgin-otr with the new version with no issues. Note that I am not removing mk/pthread.buildlink3.mk from Makefile, because it builds t-lock (used in make test but not installed) with threads.
2014-03-14 | Link network libs on SunOS | wiedi | 1 | -1/+2
2014-03-13 | Version 1.0.4h (released 2014-01-09) | pettai | 2 | -7/+6
* yhsm-daemon: Use JSON messages instead of Python pickling.
2014-03-13 | (Trimmed down commit message, but it's still huge to be able | pettai | 5 | -42/+59
to cover all releases in this update...) ---------------- VERSION 4.1.3 -------------- - fixed bug that could crash UFS/ExtX in inode_lookup. - More bounds checking in ISO9660 code - Image layer bounds checking - Update version of SQLITE-JDBC - Config file for YAFFS2 spare area - New method in image layer to return names - Yaffs2 cleanup. - Escape all strings in SQLite database - SQlite code uses NTTFS sequence number to match parent IDs ---------------- VERSION 4.1.2 -------------- Core: - TskAutoDB considers not finding a VS/FS a critical error. ---------------- VERSION 4.1.1 -------------- Core: - Added FILE_SHARE_WRITE to all windows open calls. - removed unused methods in CRC code that caused compile errors. - Added NTFS FNAME times to time2 struct in TSK_FS_META to make them easier to access -- should have done this a long time ago! - fls -m and tsk_gettimes output NTFS FNAME times to output for timelines. - hfind with EnCase hashsets works when DB is specified (and not only index) - TskAuto now goes into UNALLOC partitions by default too. - Added support to automatically find all Cellebrite raw dump files given the name of the first image. - Added NTFS sequence to parent address in directory and directory itself. - Updated SQLite code to use sequence when finding parent object ID. ---------------- VERSION 4.1.0 -------------- Core: - Added YAFFS2 support (patch from viaForensics). - Added Ext4 support (patch from kfairbanks) - changed all include paths to be 'tsk' instead of 'tsk3' -- IMPORTANT FOR ALL DEVELOPERS! ---------------- VERSION 4.0.2 -------------- New Features: - Added fiwalk tool from Simson. Not supported in Visual Studio yet. ---------------- VERSION 4.0.1 -------------- New Features: - Can open raw Windows devices with write mode sharing. - More DOS partition types are displayed. - Added fcat tool that takes in file name and exports content (equivalent to using ifind and icat together). 
- Added new API to TskImgDB that returns hash value associated with carved files. - performance improvements with FAT code (maps and dir_add) - performance improvements with NTFS code (maps) - added AONLY flag to block_walk - Updated blkls and blkcalc to use AONLY flag -- MUCH faster. ---------------- VERSION 4.0.0 -------------- New Features: - Added multithreaded support - Added C++ wrapper classes - Added JNI bindings / Java data model classes - 3314047: Added utf8-specific versions of 'toid' methods for img,vs,fs types - 3184429: More consistent printing of unset times (all zeros instead of 1970) - New database design that allows for multiple images in the same database - GPT volume system tries other sector sizes if first attempt fails. - Added hash calculation and lookup to AutoDB and JNI. - Upgraded SQLite to 3.7.9. - EnCase hash support - Libewf v2 support (it is now non-beta) - First file in a raw split or E01 can be specified and the rest of the files are found. - mactime displays times as 0 if the time is not set (instead of 1970) - Changed behavior of 'mactime -y' to use ISO8601 format. - Updated HFS+ code from ATC-NY. - FAT orphan file improvements to reduce false positives. - TskAuto better reports errors.
2014-03-13 | Version 2.14 (released 2013-09-27) | pettai | 4 | -18/+15
* Don't install internal header files. * Don't print debug info when the "debug" parameter is not given. * Use PBKDF2 to process expected reply for challenge-response mode. * Fixup memory leaks and leaks of privilege. * Let return values reflect whether the user wasn't found or other error.
2014-03-13 | Version 1.15.1 (released 2014-03-12) | pettai | 2 | -6/+6
* Add -6 and -8 flags to ykchalresp to output the response as a truncated OATH code. * Add -t to ykchalresp to use current time / 30 as challenge in TOTP fashion. * Fix for a crash in the libusb-0.1 backend. Version 1.15.0 (released 2014-01-10) * add new Neo version 3.2 as supported. * let ykp_AES_key_from_password() return error if it can't get a random salt. * let -a without option mean ask for raw key on STDIN. * let no -a given mean generate a random key * add ykp_AES_key_from_raw() and ykp_HMAC_key_from_raw() that sets the key from a byte array. * remove -osalt= and possibility to generate key from password. * add YK_ENODATA that's returned when no data is returned from the device and no other underlying error is set.
2014-03-13 | Version 1.11 (released 2013-10-18) | pettai | 4 | -15/+18
* Add man pages. * Self-tests may be run under valgrind to catch bugs. Disable with "./configure --disable-valgrind-tests".
2014-03-13 | Set USE_GCC_RUNTIME=yes for packages which build shared libraries but do | jperkin | 3 | -3/+8
not use libtool to do so. This is required to correctly depend upon a gcc runtime package (e.g. gcc47-libs) when using USE_PKGSRC_GCC_RUNTIME.
2014-03-12 | +gpshell | gdt | 1 | -1/+2
2014-03-12 | Import gpshell-1.4.4 as security/gpshell. | gdt | 5 | -0/+60
Packaged in wip by Richard Hansen of BBN. GPShell is a script interpreter which talks to a smart card which complies to the GlobalPlatform Card Specification. It is written on top of the GlobalPlatform Library. It uses the PC-SC Connection Plugin for accessing smart cards. It can establish a secure channel with a smart card, load, instantiate, delete and list applications on supported smart cards. These applications are practically always JavaCard applets.
2014-03-12 | +libglobalplatform | gdt | 1 | -1/+2
2014-03-12 | Import libglobalplatform-6.0.0 as security/libglobalplatform. | gdt | 5 | -0/+61
C library for managing the contents of a GlobalPlatform smart card.
2014-03-12 | Update to 0.18: | wiz | 3 | -10/+28
0.18 * Mark most of unstable API as stable * Bump Glib dependency (2.38+) * Add secret_service_encode_dbus_secret() and decode functions * Use TAP for testing, parallel tests, and non-recursive make * Updated FSF's address * Remove unstable vapi [#721429] * Build fixes [#720087 #720244 #707452] * Updated translations
2014-03-12 | Update stunnel to 5.00. | jym | 3 | -16/+13
Of utmost importance: it fixes CVE 2014-0016. Thanks to jgw (Jeff W) _AT_ sdf.org for working on the same patch independently. In before the freeze! Changelog follows. Security bugfixes Added PRNG state update in fork threading (CVE-2014-0016). New global configuration file defaults Default "fips" option value is now "no", as FIPS mode is only helpful for compliance, and never for actual security. Default "pid" is now "", i.e. not to create a pid file at startup. New service-level configuration file defaults Default "ciphers" updated to "HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2" due to AlFBPPS attack and bad performance of DH ciphersuites. Default "libwrap" setting is now "no" to improve performance. New features OpenSSL DLLs updated to version 1.0.1f. zlib DLL updated to version 1.2.8. autoconf scripts upgraded to version 2.69. TLS 1.1 and TLS 1.2 are now allowed in the FIPS mode. New service-level option "redirect" to redirect SSL client connections on authentication failures instead of rejecting them. New global "engineDefault" configuration file option to control which OpenSSL tasks are delegated to the current engine. Available tasks: ALL, RSA, DSA, ECDH, ECDSA, DH, RAND, CIPHERS, DIGESTS, PKEY, PKEY_CRYPTO, PKEY_ASN1. New service-level configuration file option "engineId" to select the engine by identifier, e.g. "engineId = capi". New global configuration file option "log" to control whether to append (the default), or to overwrite log file while (re)opening. Different taskbar icon colors to indicate the service state. New global configuration file options "iconIdle", "iconActive", and "iconError" to select status icon on GUI taskbar. Removed the limit of 63 stunnel.conf sections on Win32 platform. Installation of a sample certificate was moved to a separate "cert" target in order to allow unattended (e.g. scripted) installations. Reduced length of the logged thread identifier. It is still based on the OS thread ID, and thus not unique over long periods of time. 
Improved readability of error messages printed when stunnel refuses to start due to a critical error. Bugfixes LD_PRELOAD Solaris compatibility bug fixed (thx to Norm Jacobs). CRYPTO_NUM_LOCKS replaced with CRYPTO_num_locks() to improve binary compatibility with diverse builds of OpenSSL (thx to Norm Jacobs). Corrected round-robin failover behavior under heavy load. Numerous fixes in the engine support code. On Win32 platform .rnd file moved from c:\ to the stunnel folder.
2014-03-11 | Import initial SMF support for individual packages. | jperkin | 13 | -6/+364
2014-03-11 | Remove example rc.d scripts from PLISTs. | jperkin | 28 | -66/+28
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or ignored otherwise.
2014-03-10 | Version 2.4.1 (released 2014-02-12) | pettai | 2 | -7/+6
* liboath: Fix usersfile bug that caused it to update the wrong line. When an usersfile contain multiple lines for the same user but with an unparseable token type (e.g., HOTP vs TOTP), the code would update the wrong line of the file. Since the then updated line could be a commented out line, this can lead to the same OTP being accepted multiple times which is a security vulnerability. CVE-2013-7322