path: root/security
Age | Commit message | Author | Files | Lines
2017-06-21 | Pullup ticket #5488 - requested by sevan | bsiegert | 2 | -19/+26
security/mozilla-rootcerts: build fix

Revisions pulled up:
- security/mozilla-rootcerts/Makefile 1.27-1.29
- security/mozilla-rootcerts/files/mozilla-rootcerts.sh 1.14-1.18

---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:10:21 UTC 2017

Modified Files:
pkgsrc/security/mozilla-rootcerts: Makefile
pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh

Log Message:
Substitute path to openssl more thoroughly

This package can depend on builtin openssl or pkgsrc openssl. However, it had paths from the base system hardcoded. Be more thorough about using builtin vs pkgsrc paths.

This is a minimal change to use builtin/pkgsrc paths; future commits will note latent issues uncovered in the process.

Based on a report to pkgsrc-users by J. Lewis Muir.

---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:20:15 UTC 2017

Modified Files:
pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh

Log Message:
Add comments questioning many things

Describe issues with touching the config file and the spurious directory check surrounding ca-certificates.crt.

---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:32:38 UTC 2017

Modified Files:
pkgsrc/security/mozilla-rootcerts: Makefile
pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh

Log Message:
Rationalize directory handling around ca-certificates.crt

Now, ca-certificates.crt is always in the main certs dir, because we have been careful about builtin vs pkgsrc paths. So the directory must exist (because it was checked earlier). Instead, check for the ca-certificates.crt file existing. Add more questioning comments.

Based on a patch by J. Lewis Muir.

---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:37:48 UTC 2017

Modified Files:
pkgsrc/security/mozilla-rootcerts: Makefile
pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh

Log Message:
Revert touching of openssl config file

Earlier, code was added to "touch $conffile" to work around openssl issuing a warning if openssl.conf was not present. This is problematic because if the warning is appropriate, 1) we have no way of knowing that an empty config file is correct and 2) we should not silence it. If the warning is buggy, then openssl and/or the base system should be fixed. Further, this code changes the modification date of the config file on every run, even when there is a valid config file.

(There was no discussion prior, three objections and no concurrences, and no response, so reverting seems ok.)

---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:39:53 UTC 2017

Modified Files:
pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh

Log Message:
Adjust comments around ca-certificates.crt

(Ride earlier PKGREVISION.)
2017-06-13 | Pullup ticket #5472 - requested by sevan | bsiegert | 3 | -2/+68
security/libksba: bugfix

Revisions pulled up:
- security/libksba/Makefile 1.34
- security/libksba/distinfo 1.22
- security/libksba/patches/patch-src_cms.c 1.1

---
Module Name: pkgsrc
Committed By: gdt
Date: Tue May 30 22:40:17 UTC 2017

Modified Files:
pkgsrc/security/libksba: Makefile distinfo
Added Files:
pkgsrc/security/libksba/patches: patch-src_cms.c

Log Message:
Add patch to resolve gpgsm S/MIME failures

S/MIME messages encrypted with gpgsm are sometimes not decodable by other implementations. Discussion on gnupg-devel indicates that gpg (via libksba) is incorrectly dropping leading zeros from the encrypted session key. This commit adds a patch by Daiki Ueno from the mailing list that appears to improve interoperability. Upstream has not yet applied it, but also has not said that it is wrong.
2017-06-13 | Pullup ticket #5477 - requested by sevan | bsiegert | 2 | -7/+7
security/sudo: security fix

Revisions pulled up:
- security/sudo/Makefile 1.155
- security/sudo/distinfo 1.92

---
Module Name: pkgsrc
Committed By: spz
Date: Wed Jun 7 05:41:53 UTC 2017

Modified Files:
pkgsrc/security/sudo: Makefile distinfo

Log Message:
update to version 1.8.20p2

upstream changelog:

2017-05-31 Todd C. Miller <Todd.Miller%courtesan.com@localhost>

* NEWS, configure, configure.ac: Sudo 1.8.20p2 [47836f4c9834]

* src/ttyname.c: A command name may also contain newline characters so read /proc/self/stat until EOF. It is not legal for /proc/self/stat to contain embedded NUL bytes so treat the file as corrupt if we see any. With help from Qualys. This is not exploitable due to the /dev traversal changes in sudo 1.8.20p1 (thanks Solar!). [15a46f4007dd]

2017-05-30 Todd C. Miller <Todd.Miller%courtesan.com@localhost>

* src/ttyname.c: Use /proc/self consistently on Linux. As far as I know, only AIX doesn't support /proc/self. [6f3d9816541b]
2017-06-13 | Pullup ticket #5475 - requested by khorben | bsiegert | 7 | -24/+35
security/py-yara: security fix
security/yara: security fix

Revisions pulled up:
- security/py-yara/Makefile 1.5
- security/py-yara/PLIST 1.2
- security/py-yara/distinfo 1.5-1.7
- security/yara/Makefile 1.3
- security/yara/Makefile.common 1.5-1.8
- security/yara/PLIST 1.3
- security/yara/distinfo 1.6-1.8

---
Module Name: pkgsrc
Committed By: khorben
Date: Mon May 15 15:27:31 UTC 2017

Modified Files:
pkgsrc/security/py-yara: Makefile PLIST distinfo
pkgsrc/security/yara: Makefile Makefile.common PLIST distinfo

Log Message:
Update security/{,py-yara} to version 3.5.0

The release notes mention:
* Match length operator (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
* Performance improvements
* Less memory consumption while scanning processes
* Exception handling when scanning memory blocks
* Negative integers in meta fields
* Added the --stack-size command-argument
* Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module
* Functions rich_signature.toolid and rich_signature.version added to PE module
* Lots of bug fixes

The Python bindings are now released from a different tree, with the same versioning apparently though.

"welcome to update" pettai@

---
Module Name: pkgsrc
Committed By: khorben
Date: Mon May 15 15:34:12 UTC 2017

Modified Files:
pkgsrc/security/yara: Makefile.common

Log Message:
Set myself as the maintainer

---
Module Name: pkgsrc
Committed By: khorben
Date: Wed Jun 7 20:11:42 UTC 2017

Modified Files:
pkgsrc/security/py-yara: distinfo
pkgsrc/security/yara: Makefile.common distinfo

Log Message:
Package yara 3.6.0

In the release notes:
* .NET module (Wesley Shields)
* New features for ELF module (Jacob Baines)
* Fix endianness issues (Hilko Bengen)
* Function yr_compiler_add_fd added to libyara
* MAX_THREADS limit can be arbitrarily increased (Emerson R. Wiley)
* Added --fail-on-warnings command-line option
* Multiple bug fixes

---
Module Name: pkgsrc
Committed By: khorben
Date: Wed Jun 7 20:27:37 UTC 2017

Modified Files:
pkgsrc/security/py-yara: distinfo
pkgsrc/security/yara: Makefile.common distinfo

Log Message:
Package yara 3.6.1

In the release notes:
* BUGFIX: Stack overflow caused by uncontrolled recursiveness (CVE-2017-9304)
* BUGFIX: pe.overlay.size was undefined if the PE didn't have an overlay. Now it's set to 0 in those cases.
* BUGFIX: Fix initialization issue that could cause a crash if rules compiled with a 32bit yarac is used with a 64bit yara.
2017-06-03 | Pullup ticket #5451 - requested by sevan | bsiegert | 3 | -3/+37
security/libtomcrypt: security fix

Revisions pulled up:
- security/libtomcrypt/Makefile 1.7
- security/libtomcrypt/distinfo 1.6
- security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c 1.1

---
Module Name: pkgsrc
Committed By: snj
Date: Tue May 16 21:55:50 UTC 2017

Modified Files:
pkgsrc/security/libtomcrypt: Makefile distinfo
Added Files:
pkgsrc/security/libtomcrypt/patches: patch-src_pk_rsa_rsa__verify__hash.c

Log Message:
Fix CVE-2016-6129. Bump PKGREVISION to 3.
2017-05-31 | Pullup ticket #5470 - requested by maya | spz | 7 | -52/+135
security/sudo: security update

Revisions pulled up:
- security/sudo/Makefile 1.154
- security/sudo/distinfo 1.89-1.91
- security/sudo/patches/patch-af 1.34
- security/sudo/patches/patch-ag 1.25-1.26
- security/sudo/patches/patch-include_sudo__compat.h 1.1
- security/sudo/patches/patch-include_sudo__event.h 1.1
- security/sudo/patches/patch-src_Makefile.in 1.2

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Tue May 30 16:14:56 UTC 2017

Modified Files:
pkgsrc/security/sudo: Makefile distinfo
pkgsrc/security/sudo/patches: patch-af patch-ag patch-src_Makefile.in
Added Files:
pkgsrc/security/sudo/patches: patch-include_sudo__event.h

Log Message:
sudo: update to 1.8.20p1.

Fixes CVE-2017-1000367, local privilege escalation on linux.

What's new in Sudo 1.8.20p1

* Fixed "make check" when using OpenSSL or GNU crypt. Bug #787.
* Fixed CVE-2017-1000367, a bug parsing /proc/pid/stat on Linux when the process name contains spaces. Since the user has control over the command name, this could potentially be used by a user with sudo access to overwrite an arbitrary file on systems with SELinux enabled. Also stop performing a breadth-first traversal of /dev when looking for the device; only a hard-coded list of directories are checked.

What's new in Sudo 1.8.20

* Added support for SASL_MECH in ldap.conf. Bug #764
* Added support for digest matching when the command is a glob-style pattern or a directory. Previously, only explicit path matches supported digest checks.
* New "fdexec" Defaults option to control whether a command is executed by path or by open file descriptor.
* The embedded copy of zlib has been upgraded to version 1.2.11.
* Fixed a bug that prevented sudoers include files with a relative path starting with the letter 'i' from being opened. Bug #776.
* Added support for command timeouts in sudoers. The command will be terminated if the timeout expires.
* The SELinux role and type are now displayed in the "sudo -l" output for the LDAP and SSSD backends, just as they are in the sudoers backend.
* A new command line option, -T, can be used to specify a command timeout as long as the user-specified timeout is not longer than the timeout specified in sudoers. This option may only be used when the "user_command_timeouts" flag is enabled in sudoers.
* Added NOTBEFORE and NOTAFTER command options to the sudoers backend similar to what is already available in the LDAP backend.
* Sudo can now optionally use the SHA2 functions in OpenSSL or GNU crypt instead of the SHA2 implementation bundled with sudo.
* Fixed a compilation error on systems without the stdbool.h header file. Bug #778.
* Fixed a compilation error in the standalone Kerberos V authentication module. Bug #777.
* Added the iolog_flush flag to sudoers which causes I/O log data to be written immediately to disk instead of being buffered.
* I/O log files are now created with group ID 0 by default unless the "iolog_user" or "iolog_group" options are set in sudoers.
* It is now possible to store I/O log files on an NFS-mounted file system where uid 0 is remapped to an unprivileged user. The "iolog_user" option must be set to a non-root user and the top-level I/O log directory must exist and be owned by that user.
* Added the restricted_env_file setting to sudoers which is similar to env_file but its contents are subject to the same restrictions as variables in the invoking user's environment.
* Fixed a use after free bug in the SSSD backend when the fqdn sudoOption is enabled and no hostname value is present in /etc/sssd/sssd.conf.
* Fixed a typo that resulted in a compilation error on systems where the killpg() function is not found by configure.
* Fixed a compilation error with the included version of zlib when sudo was built outside the source tree.
* Fixed the exit value of sudo when the command is terminated by a signal other than SIGINT. This was broken in sudo 1.8.15 by the fix for Bug #722. Bug #784.
* Fixed a regression introduced in sudo 1.8.18 where the "lecture" option could not be used in a positive boolean context, only a negative one.
* Fixed an issue where sudo would consume stdin if it was not connected to a tty even if log_input is not enabled in sudoers. Bug #786.
* Clarify in the sudoers manual that the #includedir directive diverts control to the files in the specified directory and, when parsing of those files is complete, returns control to the original file. Bug #775.

What's new in Sudo 1.8.19p2

* Fixed a crash in visudo introduced in sudo 1.8.9 when an IP address or network is used in a host-based Defaults entry. Bug #766
* Added a missing check for the ignore_iolog_errors flag when the sudoers plugin generates the I/O log file path name.
* Fixed a typo in sudo's vsyslog() replacement that resulted in garbage being logged to syslog.

What's new in Sudo 1.8.19p1

* Fixed a bug introduced in sudo 1.8.19 that resulted in the wrong syslog priority and facility being used.

What's new in Sudo 1.8.19

* New "syslog_maxlen" Defaults option to control the maximum size of syslog messages generated by sudo.
* Sudo has been run against PVS-Studio and any issues that were not false positives have been addressed.
* I/O log files are now created with the same group ID as the parent directory and not the invoking user's group ID.
* I/O log permissions and ownership are now configurable via the "iolog_mode", "iolog_user" and "iolog_group" sudoers Defaults variables.
* Fixed configuration of the sudoers I/O log plugin debug subsystem. Previously, I/O log information was not being written to the sudoers debug log.
* Fixed a bug in visudo that broke editing of files in an include dir that have a syntax error. Normally, visudo does not edit those files, but if a syntax error is detected in one, the user should get a chance to fix it.
* Warnings about unknown or unparsable sudoers Defaults entries now include the file and line number of the problem.
* Visudo will now use the file and line number information about an unknown or unparsable Defaults entry to go directly to the file with the problem.
* Fixed a bug in the sudoers LDAP back-end where a negated sudoHost entry would prevent other sudoHost entries following it from matching.
* Warnings from visudo about a cycle in an Alias entry now include the file and line number of the problem.
* In strict mode, visudo will now use the file and line number information about a cycle in an Alias entry to go directly to the file with the problem.
* The sudo_noexec.so file is now linked with -ldl on systems that require it for the wordexp() wrapper.
* Fixed linking of sudo_noexec.so on macOS systems where it must be a dynamic library and not a module.
* Sudo's "make check" now includes a test for sudo_noexec.so working.
* The sudo front-end now passes the user's umask to the plugin. Previously the plugin had to determine this itself.
* Sudoreplay can now display the stdin and ttyin streams when they are explicitly added to the filter list.
* Fixed a bug introduced in sudo 1.8.17 where the "all" setting for verifypw and listpw was not being honored. Bug #762.
* The syslog priority (syslog_goodpri and syslog_badpri) can now be negated or set to "none" to disable logging of successful or unsuccessful sudo attempts via syslog.

What's new in Sudo 1.8.18p1

* When sudo_noexec.so is used, the WRDE_NOCMD flag is now added if the wordexp() function is called. This prevents commands from being run via wordexp() without disabling it entirely.
* On Linux systems, sudo_noexec.so now uses a seccomp filter to disable execute access if the kernel supports seccomp. This is more robust than the traditional method of using stub functions that return an error.

What's new in Sudo 1.8.18

* The sudoers locale is now set before parsing the sudoers file. If sudoers_locale is set in sudoers, it is applied before evaluating other Defaults entries. Previously, sudoers_locale was used when evaluating sudoers but not during the initial parse. Bug #748.
* A missing or otherwise invalid #includedir is now ignored instead of causing a parse error.
* During "make install", backup files are only used on HP-UX where it is not possible to unlink a shared object that is in use. This works around a bug in ldconfig on Linux which could create links to the backup shared library file instead of the current one.
* Fixed a bug introduced in 1.8.17 where sudoers entries with long command lines could be truncated, preventing a match. Bug #752.
* The fqdn, runas_default and sudoers_locale Defaults settings are now applied before any other Defaults settings since they can change how other Defaults settings are parsed.
* On systems without the O_NOFOLLOW open(2) flag, when the NOFOLLOW flag is set, sudoedit now checks whether the file is a symbolic link before opening it as well as after the open. Bug #753.
* Sudo will now only resolve a user's group IDs to group names when sudoers includes group-based permissions. Group lookups can be expensive on some systems where the group database is not local.
* If the file system holding the sudo log file is full, allow the command to run unless the new ignore_logfile_errors Defaults option is disabled. Bug #751.
* The ignore_audit_errors and ignore_iolog_errors Defaults options have been added to control sudo's behavior when it is unable to write to the audit and I/O logs.
* Fixed a bug introduced in 1.8.17 where the SIGPIPE signal handler was not being restored when sudo directly executes the command.
* Fixed a bug where "sudo -l command" would indicate that a command was runnable even when denied by sudoers when using the LDAP or SSSD backends.
* The match_group_by_gid Defaults option has been added to allow sites where group name resolution is slow and where sudoers only contains a small number of groups to match groups by group ID instead of by group name.
* Fixed a bug on Linux where a 32-bit sudo binary could fail with an "unable to allocate memory" error when run on a 64-bit system. Bug #755
* When parsing ldap.conf, sudo will now only treat a '#' character as the start of a comment when it is at the beginning of the line.
* Fixed a potential crash when auditing is enabled and the audit function fails with an error. Bug #756
* Norwegian Nynorsk translation for sudo from translationproject.org.
* Fixed a typo that broke short host name matching when the fqdn flag is enabled in sudoers. Bug #757
* Negated sudoHost attributes are now supported by the LDAP and SSSD backends.
* Fixed matching entries in the LDAP and SSSD backends when a RunAsGroup is specified but no RunAsUser is present.
* Fixed "sudo -l" output in the LDAP and SSSD backends when a RunAsGroup is specified but no RunAsUser is present.

To generate a diff of this commit:
cvs rdiff -u -r1.153 -r1.154 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.88 -r1.89 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r1.33 -r1.34 pkgsrc/security/sudo/patches/patch-af
cvs rdiff -u -r1.24 -r1.25 pkgsrc/security/sudo/patches/patch-ag
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/sudo/patches/patch-include_sudo__event.h
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/sudo/patches/patch-src_Makefile.in

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed May 31 02:22:02 UTC 2017

Modified Files:
pkgsrc/security/sudo: distinfo
Added Files:
pkgsrc/security/sudo/patches: patch-include_sudo__compat.h

Log Message:
sudo: workaround deficiencies in netbsd 6,7

NetBSD 7 doesn't define WCONTINUED or WIFCONTINUED, so provide failure fallback definitions.

Thanks nonaka for the heads up.

To generate a diff of this commit:
cvs rdiff -u -r1.89 -r1.90 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/sudo/patches/patch-include_sudo__compat.h

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Wed May 31 02:33:12 UTC 2017

Modified Files:
pkgsrc/security/sudo: distinfo
pkgsrc/security/sudo/patches: patch-ag

Log Message:
sudo: include the full regen of configure script.

I tried to exclude a hunk that seemed new, but that is probably wrong. It didn't cause problems on my end at first, but does fail for others.

To generate a diff of this commit:
cvs rdiff -u -r1.90 -r1.91 pkgsrc/security/sudo/distinfo
cvs rdiff -u -r1.25 -r1.26 pkgsrc/security/sudo/patches/patch-ag
2017-05-29 | Pullup ticket #5457 - requested by sevan | bsiegert | 7 | -98/+176
security/crypto++: security fix

Revisions pulled up:
- security/crypto++/Makefile 1.21
- security/crypto++/PLIST 1.7
- security/crypto++/buildlink3.mk 1.13
- security/crypto++/distinfo 1.12
- security/crypto++/patches/patch-GNUmakefile 1.1
- security/crypto++/patches/patch-aa deleted
- security/crypto++/patches/patch-config.h deleted

---
Module Name: pkgsrc
Committed By: adam
Date: Thu May 18 21:20:23 UTC 2017

Modified Files:
pkgsrc/security/crypto++: Makefile PLIST buildlink3.mk distinfo
Added Files:
pkgsrc/security/crypto++/patches: patch-GNUmakefile
Removed Files:
pkgsrc/security/crypto++/patches: patch-aa patch-config.h

Log Message:
Crypto++ 5.6.5

The 5.6.5 release was mostly a maintenance release. The release included two CVE fixes.

The first, CVE-2016-7420, was a procedural finding due to external build systems failing to define NDEBUG for release builds. The gap was the project's failure to tell users to define NDEBUG.

The second, CVE-2016-7544, was a potential memory corruption on Windows platforms when using Microsoft compilers due to use of _malloca and _freea.

Due to CVE-2016-7420 and the possibility for an unwanted assert to egress data, users and distros are encouraged to recompile the library and all dependent programs.
2017-05-29 | Pullup ticket #5468 - requested by sevan | bsiegert | 5 | -40/+47
security/dropbear: security fix

Revisions pulled up:
- security/dropbear/Makefile 1.32
- security/dropbear/distinfo 1.24
- security/dropbear/patches/patch-aa 1.11
- security/dropbear/patches/patch-ab 1.9
- security/dropbear/patches/patch-configure 1.1

---
Module Name: pkgsrc
Committed By: snj
Date: Tue May 16 21:54:21 UTC 2017

Modified Files:
pkgsrc/security/dropbear: Makefile distinfo
pkgsrc/security/dropbear/patches: patch-aa patch-ab
Added Files:
pkgsrc/security/dropbear/patches: patch-configure

Log Message:
update dropbear to 2016.74. changes:

2016.74 - 21 July 2016

- Security: Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system (validated by getpwnam()) then an attacker could run arbitrary code as root when connecting to Dropbear server. A dbclient user who can control username or host arguments could potentially run arbitrary code as the dbclient user. This could be a problem if scripts or webpages pass untrusted input to the dbclient program. CVE-2016-7406 https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files CVE-2016-7407 https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
- Security: dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts. CVE-2016-7408 https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
- Security: dbclient or dropbear server could expose process memory to the running user if compiled with DEBUG_TRACE and running with -v CVE-2016-7409 https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04

  The security issues were reported by an anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html

- Fix port forwarding failure when connecting to domains that have both IPv4 and IPv6 addresses. The bug was introduced in 2015.68
- Fix 100% CPU use while waiting for rekey to complete. Thanks to Zhang Hui P for the patch

2016.73 - 18 March 2016

- Support syslog in dbclient, option -o usesyslog=yes. Patch from Konstantin Tokarev
- Kill a proxycommand when dbclient exits, patch from Konstantin Tokarev
- Option to exit when a TCP forward fails, patch from Konstantin Tokarev
- New "-o" option parsing from Konstantin Tokarev. This allows handling some extra options in the style of OpenSSH, though implementing all OpenSSH options is not planned.
- Fix crash when fallback initshells() is used, reported by Michael Nowak and Mike Tzou
- Allow specifying commands eg "dropbearmulti dbclient ..." instead of symlinks
- Various cleanups for issues found by a lint tool, patch from Francois Perrad
- Fix tab indent consistency, patch from Francois Perrad
- Fix issues found by cppcheck, reported by Mike Tzou
- Use system memset_s() or explicit_bzero() if available to clear memory. Also make libtomcrypt/libtommath routines use that (or Dropbear's own m_burn()).
- Prevent scp failing when the local user doesn't exist. Based on patch from Michael Witten.
- Improved Travis CI test running, thanks to Mike Tzou
- Improve some code that was flagged by Coverity and Fortify Static Code Analyzer

2016.72 - 9 March 2016

- Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, found by github.com/tintinweb. Thanks to Damien Miller for a patch. CVE-2016-3116 https://secure.ucc.asn.au/hg/dropbear/rev/a3e8389e01ff

2015.71 - 3 December 2015

- Fix "bad buf_incrpos" when data is transferred, broke in 2015.69
- Fix crash on exit when -p address:port is used, broke in 2015.68, thanks to Frank Stollenwerk for reporting and investigation
- Fix building with only ENABLE_CLI_REMOTETCPFWD given, patch from Konstantin Tokarev
- Fix bad configure script test which didn't work with dash shell, patch from Juergen Daubert, broke in 2015.70
- Fix server race condition that could cause sessions to hang on exit, https://github.com/robotframework/SSHLibrary/issues/128

2015.70 - 26 November 2015

- Fix server password authentication on Linux, broke in 2015.69

2015.69 - 25 November 2015

- Fix crash when forwarded TCP connections fail to connect (bug introduced in 2015.68)
- Avoid hang on session close when multiple sessions are started, affects Qt Creator Patch from Andrzej Szombierski
- Reduce per-channel memory consumption in common case, increase default channel limit from 100 to 1000 which should improve SOCKS forwarding for modern webpages
- Handle multiple command line arguments in a single flag, thanks to Guilhem Moulin
- Manpage improvements from Guilhem Moulin
- Build fixes for Android from Mike Frysinger
- Don't display the MOTD when an explicit command is run from Guilhem Moulin
- Check curve25519 shared secret isn't zero

2015.68 - Saturday 8 August 2015

- Reduce local data copying for improved efficiency. Measured 30% increase in throughput for connections to localhost
- Forwarded TCP ports connect asynchronously and try all available addresses (IPv4, IPv6, round robin DNS)
- Fix all compile warnings, many patches from Gaël Portay Note that configure with -Werror may not be successful on some platforms (OS X) and some configuration options may still result in unused variable warnings.
- Use TCP Fast Open on Linux if available. Saves a round trip at connection to hosts that have previously been connected. Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3" Client side is disabled by default pending further compatibility testing with networks and systems.
- Increase maximum command length to 9000 bytes
- Free memory before exiting, patch from Thorsten Horstmann. Useful for Dropbear ports to embedded systems and for checking memory leaks with valgrind. Only partially implemented for dbclient. This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h
- DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless there is a leading slash (~ isn't treated specially)
- Fix small ECC memory leaks
- Tighten validation of Diffie-Hellman parameters, from Florent Daigniere of Matta Consulting. Odds of bad values are around 2**-512 -- improbable.
- Twofish-ctr cipher is supported though disabled by default
- Fix pre-authentication timeout when waiting for client SSH-2.0 banner, thanks to CL Ouyang
- Fix null pointer crash with restrictions in authorized_keys without a command, patch from Guilhem Moulin
- Ensure authentication timeout is handled while reading the initial banner, thanks to CL Ouyang for finding it.
- Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz

2015.67 - Wednesday 28 January 2015

- Call fsync() after generating private keys to ensure they aren't lost if a reboot occurs. Thanks to Peter Korsgaard
- Disable non-delayed zlib compression by default on the server. Can be enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB
- Default client key path ~/.ssh/id_dropbear
- Prefer stronger algorithms by default, from Fedor Brunner.
  AES256 over 3DES
  Diffie-hellman group14 over group1
- Add option to disable CBC ciphers.
- Disable twofish in default options.h
- Enable sha2 HMAC algorithms by default, the code was already required for ECC key exchange. sha1 is the first preference still for performance.
- Fix installing dropbear.8 in a separate build directory, from Like Ma
- Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe
- Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea
- Minor bug fixes, a few issues found by Coverity scan

2014.66 - Thursday 23 October 2014

- Use the same keepalive handling behaviour as OpenSSH. This will work better with some SSH implementations that have different behaviour with unknown message types.
- Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own keepalive message
- Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere
- Fix wtmp which broke since 2013.62, patch from Whoopie

2014.65 - Friday 8 August 2014

- Fix 2014.64 regression, server session hang on exit with scp (and probably others), thanks to NiLuJe for tracking it down
- Fix 2014.64 regression, clock_gettime() error handling which broke on older Linux kernels, reported by NiLuJe
- Fix 2014.64 regression, writev() could occasionally fail with EAGAIN which wasn't caught
- Avoid error message when trying to set QoS on proxycommand or multihop pipes
- Use /usr/bin/xauth, thanks to Mike Frysinger
- Don't exit the client if the local user entry can't be found, thanks to iquaba

2014.64 - Sunday 27 July 2014

- Fix compiling with ECDSA and DSS disabled
- Don't exit abruptly if too many outgoing packets are queued for writev(). Patch thanks to Ronny Meeus
- The -K keepalive option now behaves more like OpenSSH's "ServerAliveInterval". If no response is received after 3 keepalives then the session is terminated. This will close connections faster than waiting for a TCP timeout.
- Rework TCP priority setting. New settings are
      if (connecting || ptys || x11) tos = LOWDELAY
      else if (tcp_forwards) tos = 0
      else tos = BULK
  Thanks to Catalin Patulea for the suggestion.
- Improve handling of many concurrent new TCP forwarded connections, should now be able to handle as many as MAX_CHANNELS. Thanks to Eduardo Silva for reporting and investigating it.
- Make sure that exit messages from the client are printed, regression in 2013.57
- Use monotonic clock where available, timeouts won't be affected by system time changes
- Add -V for version

2014.63 - Wednesday 19 February 2014

- Fix ~. to terminate a client interactive session after waking a laptop from sleep.
- Changed port separator syntax again, now using host^port. This is because IPv6 link-local addresses use %. Reported by Gui Iribarren
- Avoid constantly relinking dropbearmulti target, fix "make install" for multi target, thanks to Mike Frysinger
- Avoid getting stuck in a loop writing huge key files, reported by Bruno Thomsen
- Don't link dropbearkey or dropbearconvert to libz or libutil, thanks to Nicolas Boos
- Fix linking -lcrypt on systems without /usr/lib, thanks to Nicolas Boos
- Avoid crash on exit due to cleaned up keys before last packets are sent, debugged by Ronald Wahl
- Fix a race condition in rekeying where Dropbear would exit if it received a still-in-flight packet after initiating rekeying. Reported by Oliver Metz. This is a longstanding bug but is triggered more easily since 2013.57
- Fix README for ecdsa keys, from Catalin Patulea
- Ensure that generated RSA keys are always exactly the length requested. Previously Dropbear always generated N+16 or N+15 bit keys. Thanks to Unit 193
- Fix DROPBEAR_CLI_IMMEDIATE_AUTH mode which saves a network round trip if the first public key succeeds. Still not enabled by default, needs more compatibility testing with other implementations.
- Fix for port 0 forwarding in the client and port forwarding with Apache MINA SSHD.
- Fix for bad system linux/pkt-sched.h header file with older Linux kernels, from Steve Dover
- Fix signal handlers so that errno is saved, thanks to Erik Ahlén for a patch and Mark Wickham for independently spotting the same problem.
2017-05-28 | Pullup ticket #5466 - requested by sevan | spz | 3 | -1/+41
security/libassuan2: build fix for SunOS Revisions pulled up: - security/libassuan2/distinfo 1.11 - security/libassuan2/patches/patch-configure 1.1 - security/libassuan2/patches/patch-src_assuan-uds.c 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: jperkin Date: Thu May 25 11:49:05 UTC 2017 Modified Files: pkgsrc/security/libassuan2: distinfo Added Files: pkgsrc/security/libassuan2/patches: patch-configure patch-src_assuan-uds.c Log Message: Handle _XOPEN_SOURCE correctly on SunOS. To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 pkgsrc/security/libassuan2/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/security/libassuan2/patches/patch-configure \ pkgsrc/security/libassuan2/patches/patch-src_assuan-uds.c
2017-05-01 | Pullup ticket #5382 - requested by sevan | bsiegert | 3 | -2/+20
security/py-kerberos: bugfix Revisions pulled up: - security/py-kerberos/Makefile 1.2 - security/py-kerberos/distinfo 1.2 - security/py-kerberos/patches/patch-src_kerberos.c 1.1 --- Module Name: pkgsrc Committed By: markd Date: Sun Apr 23 05:35:27 UTC 2017 Modified Files: pkgsrc/security/py-kerberos: Makefile distinfo Added Files: pkgsrc/security/py-kerberos/patches: patch-src_kerberos.c Log Message: Merge upstream pull request #52 from kwlzn/kwlzn/none_principal_fix Allow `authGSSClientInit` principal kwarg to be None.
2017-05-01 | Pullup ticket #5381 - requested by sevan | bsiegert | 14 | -23/+30
security/cyrus-sasl: build fix Revisions pulled up: - security/cy2-anonymous/Makefile 1.10 - security/cy2-crammd5/Makefile 1.10 - security/cy2-digestmd5/Makefile 1.20 - security/cy2-gssapi/Makefile 1.26 - security/cy2-ldapdb/Makefile 1.12 - security/cy2-login/Makefile 1.17 - security/cy2-ntlm/Makefile 1.28 - security/cy2-otp/Makefile 1.21 - security/cy2-plain/Makefile 1.10 - security/cy2-scram/Makefile 1.8 - security/cy2-sql/Makefile 1.34 - security/cyrus-sasl/Makefile 1.72 - security/cyrus-sasl/Makefile.common 1.26 - security/cyrus-saslauthd/Makefile 1.52 --- Module Name: pkgsrc Committed By: jperkin Date: Thu Apr 27 13:56:47 UTC 2017 Modified Files: pkgsrc/security/cy2-anonymous: Makefile pkgsrc/security/cy2-crammd5: Makefile pkgsrc/security/cy2-digestmd5: Makefile pkgsrc/security/cy2-gssapi: Makefile pkgsrc/security/cy2-ldapdb: Makefile pkgsrc/security/cy2-login: Makefile pkgsrc/security/cy2-ntlm: Makefile pkgsrc/security/cy2-otp: Makefile pkgsrc/security/cy2-plain: Makefile pkgsrc/security/cy2-scram: Makefile pkgsrc/security/cy2-sql: Makefile pkgsrc/security/cyrus-sasl: Makefile Makefile.common pkgsrc/security/cyrus-saslauthd: Makefile Log Message: Fix to use PKG_SYSCONFDIR. Bump PKGREVISION for all packages using the shared Makefile.common.
2017-05-01 | Pullup ticket #5367 - requested by sevan | bsiegert | 1 | -2/+7
security/keychain: build fix Revisions pulled up: - security/keychain/Makefile 1.36 --- Module Name: pkgsrc Committed By: jperkin Date: Tue Apr 25 12:16:47 UTC 2017 Modified Files: pkgsrc/security/keychain: Makefile Log Message: Put back dependency on bash again, the script uses the "local" keyword. Bump PKGREVISION.
2017-05-01 | Pullup ticket #5343 - requested by sevan | bsiegert | 2 | -5/+12
security/zebedee: build fix Revisions pulled up: - security/zebedee/distinfo 1.14-1.15 - security/zebedee/patches/patch-aa 1.11-1.12 --- Module Name: pkgsrc Committed By: jperkin Date: Fri Apr 21 13:22:00 UTC 2017 Modified Files: pkgsrc/security/zebedee: distinfo pkgsrc/security/zebedee/patches: patch-aa Log Message: Honour existing LDFLAGS. --- Module Name: pkgsrc Committed By: jperkin Date: Fri Apr 21 13:33:32 UTC 2017 Modified Files: pkgsrc/security/zebedee: distinfo pkgsrc/security/zebedee/patches: patch-aa Log Message: Use BSD_INSTALL.
2017-05-01 | Pullup ticket #5344 - requested by sevan | bsiegert | 1 | -1/+5
security/clamav: build fix Revisions pulled up: - security/clamav/buildlink3.mk 1.6 --- Module Name: pkgsrc Committed By: jperkin Date: Fri Apr 21 13:40:19 UTC 2017 Modified Files: pkgsrc/security/clamav: buildlink3.mk Log Message: Pull in required dependencies.
2017-05-01 | Pullup ticket #5331 - requested by sevan | bsiegert | 1 | -1/+7
security/zoneminder: build fix for macOS Revisions pulled up: - security/zoneminder/Makefile 1.33 --- Module Name: pkgsrc Committed By: dsainty Date: Thu Apr 20 09:59:39 UTC 2017 Modified Files: pkgsrc/security/zoneminder: Makefile Log Message: Darwin does have sendfile(), but the API differs from ZoneMinder's expectation. Inhibit its use on Darwin to fix the build. Hello, Please pull up the following Darwin build fix to security/zoneminder.
2017-04-17 | Pullup ticket #5263 - requested by sevan | bsiegert | 2 | -1/+17
security/gnutls: build fix Revisions pulled up: - security/gnutls/distinfo 1.124 - security/gnutls/patches/patch-lib_accelerated_x86_x86-common.c 1.1 --- Module Name: pkgsrc Committed By: jperkin Date: Mon Apr 10 10:43:49 UTC 2017 Modified Files: pkgsrc/security/gnutls: distinfo Added Files: pkgsrc/security/gnutls/patches: patch-lib_accelerated_x86_x86-common.c Log Message: Avoid unsupported xgetbv instruction on older Darwin assemblers.
2017-04-16 | Pullup ticket #5262 - requested by sevan | bsiegert | 2 | -5/+7
security/py-acme: build fix security/py-certbot: build fix Revisions pulled up: - security/py-acme/Makefile 1.5-1.6 - security/py-certbot/Makefile 1.4 --- Module Name: pkgsrc Committed By: fhajny Date: Mon Apr 10 10:29:38 UTC 2017 Modified Files: pkgsrc/security/py-acme: Makefile pkgsrc/security/py-certbot: Makefile Log Message: Fix stale and missing dependencies in py-acme and py-certbot. PKGREVISION++ --- Module Name: pkgsrc Committed By: fhajny Date: Tue Apr 11 06:32:32 UTC 2017 Modified Files: pkgsrc/security/py-acme: Makefile Log Message: Fix py-requests dependency version
2017-04-16 | Pullup ticket #5259 - requested by sevan | bsiegert | 1 | -3/+3
security/nacl: metadata update Revisions pulled up: - security/nacl/Makefile 1.2 --- Module Name: pkgsrc Committed By: schmonz Date: Sat Apr 8 18:36:51 UTC 2017 Modified Files: pkgsrc/security/nacl: Makefile Log Message: Update HOMEPAGE.
2017-04-14 | Pullup ticket #5245 - requested by sevan | bsiegert | 2 | -8/+7
security/p5-Authen-TacacsPlus: build fix Revisions pulled up: - security/p5-Authen-TacacsPlus/Makefile 1.15 - security/p5-Authen-TacacsPlus/distinfo 1.6 --- Module Name: pkgsrc Committed By: mef Date: Thu Apr 6 13:42:46 UTC 2017 Modified Files: pkgsrc/security/p5-Authen-TacacsPlus: Makefile distinfo Log Message: Updated security/p5-Authen-TacacsPlus to 0.26 --------------------------------------------- 0.26 2015-12-08 Mike McCauley - pass CFLAGS and CPPFLAGS explicitly in the subdirectory to get all hardening flags, Patch from Florian Schlichting.
2017-03-23 | Extra scripts can need bash and perl. | leot | 1 | -1/+4
Bump PKGREVISION Pointed out by <joerg>'s bulk builds
2017-03-23 | Extend SHA512 checksums to various files I have on my local distfile | joerg | 6 | -6/+12
mirror.
2017-03-23 | Add SHA512 checksum data. | taca | 3 | -3/+6
2017-03-23 | Remove unused/empty distinfo files. | joerg | 6 | -6/+0
2017-03-21 | Remove comment -- test failures not repeatable. | wiz | 1 | -3/+1
2017-03-20 | Unbreak go-crypto and go-net, they no longer depend on one another. | bsiegert | 4 | -31/+28
Bump go-crypto and go-tools, which now depends on go-crypto-acme. Fixes PR pkg/52081 breakage.
2017-03-20 | New package go-crypto-acme, a spin-off from go-crypto to get rid of the | bsiegert | 5 | -1/+49
circular dependency from PR pkg/52081.
2017-03-20 | Add and enable php-pecl-mcrypt. | taca | 1 | -1/+2
2017-03-20 | Add pecl version of php-mcrypt for php71. | taca | 3 | -0/+27
2017-03-20 | Update security/vault to 0.7.0. | fhajny | 2 | -7/+7
SECURITY:
* Common name not being validated when `exclude_cn_from_sans` option used in `pki` backend

DEPRECATIONS/CHANGES:
* List Operations Always Use Trailing Slash
* PKI Defaults to Unleased Certificates

FEATURES:
* Replication (Enterprise)
* Response Wrapping & Replication in the Vault Enterprise UI
* Expanded Access Control Policies
* SSH Backend As Certificate Authority

IMPROVEMENTS:
* api/request: Passing username and password information in API request
* audit: Logging the token's use count with authentication response and logging the remaining uses of the client token with request
* auth/approle: Support for restricting the number of uses on the tokens issued
* auth/aws-ec2: AWS EC2 auth backend now supports constraints for VPC ID, Subnet ID and Region
* auth/ldap: Use the value of the `LOGNAME` or `USER` env vars for the username if not explicitly set on the command line when authenticating
* audit: Support adding a configurable prefix (such as `@cee`) before each line
* core: Canonicalize list operations to use a trailing slash
* core: Add option to disable caching on a per-mount level
* core: Add ability to require valid client certs in listener config
* physical/dynamodb: Implement a session timeout to avoid having to use recovery mode in the case of an unclean shutdown, which makes HA much safer
* secret/pki: O (Organization) values can now be set to role-defined values for issued/signed certificates
* secret/pki: Certificates issued/signed from PKI backend do not generate leases by default
* secret/pki: When using DER format, still return the private key type
* secret/pki: Add an intermediate to the CA chain even if it lacks an authority key ID
* secret/pki: Add role option to use CSR SANs
* secret/ssh: SSH backend as CA to sign user and host certificates
* secret/ssh: Support reading of SSH CA public key from `config/ca` endpoint and also return it when CA key pair is generated

BUG FIXES:
* audit: When auditing headers use case-insensitive comparisons
* auth/aws-ec2: Return role period in seconds and not nanoseconds
* auth/okta: Fix panic if user had no local groups and/or policies set
* command/server: Fix parsing of redirect address when port is not mentioned
* physical/postgresql: Fix listing returning incorrect results if there were multiple levels of children

Full changelog: https://github.com/hashicorp/vault/blob/v0.7.0/CHANGELOG.md
2017-03-20 | Update ruby-airbrussh to 1.12.0. | taca | 3 | -8/+9
## [1.12.0][] (2017-02-10)

### Breaking changes

* None

### New features

* Add `SSHKit.config.default_runner_config` option that allows overriding default runner configs.

## [1.11.5][] (2016-12-16)

### Bug fixes

* Do not prefix `exec` command [PR #378](https://github.com/capistrano/sshkit/pull/378) @dreyks

## [1.11.4][] (2016-11-02)

* Use string interpolation for environment variables to avoid escaping issues with sprintf [PR #280](https://github.com/capistrano/sshkit/pull/280) @Sinjo - Chris Sinjakli
2017-03-20 | Update ruby-airbrussh to 1.1.2 | taca | 3 | -8/+9
## [1.1.2][] (2017-01-02) * Add Ruby 2.4.0 to testing matrix and fix Ruby 2.4 deprecation warnings
2017-03-20 | Mark go-net and go-crypto as BROKEN, since they DEPEND on each other. | wiz | 1 | -2/+4
2017-03-17 | putty: amend patch to use the BSD syntax on BSDs, and the alternate | maya | 2 | -6/+9
syntax otherwise -- it has a better chance of working.
2017-03-17 | Not all the world is GNU configure. | wiz | 1 | -1/+3
Unbreaks mail/notmuch.
2017-03-17 | putty: update to 0.68 | maya | 7 | -70/+43
PuTTY 0.68, released today, supports elliptic-curve cryptography for host keys, user authentication keys, and key exchange. Also, for the first time, it comes in a 64-bit Windows version. This update may create a build issue for non-BSD due to ancient functions being different on BSD and SYSV. There's always macros if this fails.
2017-03-16 | fail2ban: fix build on linux and others | maya | 1 | -1/+3
having an empty SUBST_SED returns usage and a non-zero exit value and the build doesn't continue.
2017-03-16 | Update go-crypto to 20170317, part of PR pkg/52081. | bsiegert | 4 | -16/+83
No changelog from upstream but there is a new acme package for Let's Encrypt certificates.
2017-03-15 | Limit broken openssl.cnf handling to NetBSD only after no response from | jperkin | 2 | -6/+7
bsiegert@. There's no reason to pollute other operating systems. Bump PKGREVISION.
2017-03-13 | + sqlmap | leot | 1 | -1/+2
2017-03-13 | Import sqlmap-1.1.3 as security/sqlmap | leot | 4 | -0/+1394
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
2017-03-13 | Updated py-cryptography to 1.8.1. | wiz | 3 | -36/+10
1.8.1 - 2017-03-10
~~~~~~~~~~~~~~~~~~

* Fixed macOS wheels to properly link against 1.1.0 rather than 1.0.2.

1.8 - 2017-03-09
~~~~~~~~~~~~~~~~

* Added support for Python 3.6.
* Windows and macOS wheels now link against OpenSSL 1.1.0.
* macOS wheels are no longer universal. This change significantly shrinks the size of the wheels. Users on macOS 32-bit Python (if there are any) should migrate to 64-bit or build their own packages.
* Changed ASN.1 dependency from ``pyasn1`` to ``asn1crypto`` resulting in a general performance increase when encoding/decoding ASN.1 structures. Also, the ``pyasn1_modules`` test dependency is no longer required.
* Added support for :meth:`~cryptography.hazmat.primitives.ciphers.CipherContext.update_into` on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext`.
* Added :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.private_bytes` to :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization`.
* Added :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKeyWithSerialization.public_bytes` to :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKeyWithSerialization`.
* :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key` and :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key` now require that ``password`` must be bytes if provided. Previously this was documented but not enforced.
* Added support for subgroup order in :doc:`/hazmat/primitives/asymmetric/dh`.
2017-03-13 | + py-asn1crypto | wiz | 1 | -1/+2
2017-03-13 | Import py-asn1crypto-0.21.1 as security/py-asn1crypto. | wiz | 4 | -0/+109
Fast ASN.1 parser and serializer with definitions for private keys, public keys, certificates, CRL, OCSP, CMS, PKCS#3, PKCS#7, PKCS#8, PKCS#12, PKCS#5, X.509 and TSP.
2017-03-13 | Updated py-cryptography_vectors to 1.8.1. | wiz | 3 | -8/+22
Changes not found, but this comes with new asymmetric DH and DSA files.
2017-03-12 | Update pear-Crypt_GPG to 1.6.0. | taca | 3 | -13/+15
1.6.0 2017-02-26 03:26 UTC

Changelog:
* This release adds GnuPG 2.1 support.
* Internal API has been refactored.
* Fix Bug #21182: Ignore invalid proc_close() exit code
* Fix Bug G#28: Use --batch argument for key imports when no passphrase is provided.
* Fix Bug #21151: GPG-AGENT process is not automatically closed when using GnuPG 2.0
* Fix Bug #21152: Ignore time conflicts (by default)
* Fixed Bug #21148: Throw bad-passphrase exception instead of key-not-found exception on decryption
2017-03-12 | pkgrevision bump for changed apache default. | maya | 2 | -4/+4
bumping any package depending on a pkg with APACHE_PKG_PREFIX but without APACHE_PKG_PREFIX in its PKGNAME.
2017-03-11 | Update to 0.6.12 | wen | 2 | -7/+7
Upstream changes:

2017-01-26 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Release 0.6.12

2017-01-23 Thierry Onkelinx <thierry.onkelinx@inbo.be>
* NAMESPACE: export sha1.function() and sha1.call()
* R/sha1.R:
  - sha1() gains methods for the class "function" and "call"
  - sha1() gains a ... argument, currently only relevant for "function"
  - sha1() takes arguments into account for hash for complex, Date and array. Note that this will lead to different hashes for these classes and for objects containing these classes
* man/sha1.rd: update help page for sha1()
* tests/sha1Test.R: update unit tests for sha1()

2017-01-01 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Release 0.6.11
* R/sha1.R (sha1.anova): Added more #nocov marks
* src/sha2.c (SHA256_Transform): Idem
* tests/AESTest.R (hextextToRaw): Print AES object
* tests/AESTest.Rout.save: Updated

2016-12-08 Dirk Eddelbuettel <edd@debian.org>
* NAMESPACE: Register (and exported) makeRaw S3 methods
* man/makeRaw.Rd: New manual page
* tests/hmacTest.R: Direct call to makeRaw()
* tests/hmacTest.Rout.save: Ditto
* src/digest.c: Additional #nocov tags
* src/xxhash.c: Ditto

2016-12-07 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Rolled minor version
* README.md: Use shields.io badge for codecov
* R/digest.R: Additional #nocov tags
* src/sha2.c: Ditto
* src/raes.c: Ditto
* tests/hmacTest.R: Additional tests
* tests/hmacTest.Rout.save: Ditto

2016-11-30 Dirk Eddelbuettel <edd@debian.org>
* .travis.yml (before_install): Activate PPA as we (currently) need an updated version of (r-cran)-covr to run coverage
* tests/load-unload.R: Comment-out for now as it upsets coverage
* tests/digestTest.R: Test two more algorithms
* tests/digestTest.Rout.save: Updated reference output
* R/digest.R: Added #nocov tags
* R/zzz.R (.onUnload): Ditto
* src/crc32.c: Ditto
* src/pmurhash.c: Ditto
* src/raes.c: Ditto
* src/sha2.c: Ditto
* src/xxhash.c: Ditto

2016-11-26 Dirk Eddelbuettel <edd@debian.org>
* .travis.yml (after_success): Integrated Jim Hester's suggestion of activating code coverage sent many moons ago (in PR #12)
* .codecov.yml (comment): Added
* .Rbuildignore: Exclude .codecov.yml
* README.md: Added code coverage badge

2016-10-16 Dirk Eddelbuettel <edd@debian.org>
* R/digest.R (digest): Support 'nosharing' option of base::serialize as suggested by Radford Neal whose pqR uses this

2016-08-02 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (License): Now GPL (>= 2), cf issue 36 on GH
* README.md: Updated badge accordingly

2016-08-02 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version): Release 0.6.10
* DESCRIPTION (Description): Shortened to one paragraph
* DESCRIPTION (BugReports): URL to GH issues added
* .travis.yml: Rewritten for run.sh from forked r-travis

2016-07-12 Henrik Bengtsson <hb@aroma-project.org>
* src/digest.c: Correct bug with skip and file parameter interaction
* tests/digestTest.R: Test code
* tests/digestTest.Rout.save: Test reference output
* R/zzz.R: Allow for unloading of shared library
* tests/load-unload.R: Test code
* DESCRIPTION: Rolled minor Version and Date

2016-05-25 Thierry Onkelinx <thierry.onkelinx@inbo.be>
* R/sha1.R: Support for pairlist and name
* tests/sha1Test.R: Support for pairlist and name
* man/sha1.Rd: Support for pairlist, name, complex, array and Date
* NAMESPACE: Support for pairlist, name and array
* DESCRIPTION: bump version number and date

2016-05-01 Viliam Simko <viliam.simko@gmail.com>
* R/sha1.R: Support for complex, Date and array
* tests/sha1Test.R: Ditto
* NAMESPACE: Ditto

2016-04-27 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Author): Add Qiang Kou to Authors
* README.md: Ditto

2016-01-25 Dirk Eddelbuettel <edd@debian.org>
* src/digest.c (digest): Use XLENGTH if R >= 3.0.0 (issue #29)

2016-01-11 Thierry Onkelinx <thierry.onkelinx@inbo.be>
* R/sha1.R: handle empty list and empty dataframe (#issue 27); take the object class, digits and zapsmall into account (#PR 28)
* vignettes/sha1.Rmd: Small edits to reflect changes in sha1()

2016-01-09 Michel Lang <michellang@gmail.com>
* R/sha1.R: Add a length check to sha1(), use vapply()
2017-03-11 | DESCR was maybe a little too descriptive, pkgsrc handles the dependencies. | nils | 1 | -3/+0
2017-03-10 | add and enable dehydrated | nils | 1 | -1/+2
2017-03-10 | Import dehydrated-0.4.0 as security/dehydrated. | nils | 4 | -0/+77
This is a client for signing certificates with an ACME-server (currently only provided by letsencrypt) implemented as a relatively simple bash-script. It uses the openssl utility for everything related to actually handling keys and certificates, so you need to have that installed. Other dependencies are: curl, sed, grep, mktemp (all found on almost any system, curl being the only exception)