Age | Commit message | Author | Files | Lines |
|
Switch away from mono2 and install a desktop file.
|
|
Remove unrecognized flag (GCC 4.8.5), default to -std=gnu99, since we have
loop initial declarations.
Tested on SmartOS and CentOS 7.
|
|
Needed to build on NetBSD 9 with gcc7.
|
|
There are a couple of functions that aren't defined, and this is easier than
patching (and doesn't impact other OS).
|
|
This may be required in order to access old, non-upgradable, devices for
which modulus size is less than 1024 bits (frequently 768 bits).
|
|
future Python 3.8
|
|
|
|
Noteworthy changes in version 1.8.5 (2019-08-29) [C22/A2/R5]
------------------------------------------------
* Bug fixes:
- Add mitigation against an ECDSA timing attack.
[#4626,CVE-2019-13627]
- Improve ECDSA unblinding.
* Other features:
- Provide a pkg-config file for libgcrypt.
Release-info: https://dev.gnupg.org/T4683
|
|
19.1.0
* macOS Keyring now honors a ``KEYCHAIN_PATH``
environment variable. If set, Keyring will use that
keychain instead of the default.
19.0.2
* Refresh package skeleton.
* Adopt `black <https://pypi.org/project/black>`_ code style.
19.0.1
* Merge with 18.0.1.
18.0.1
* ExceptionInfo no longer retains a reference to the
traceback.
|
|
3.9.0:
New features
* Add support for loading PEM files encrypted with AES256-CBC.
* Add support for XChaCha20 and XChaCha20-Poly1305 ciphers.
* Add support for bcrypt key derivation function (`Crypto.Protocol.KDF.bcrypt`).
* Add support for left multiplication of an EC point by a scalar.
* Add support for importing ECC and RSA keys in the new OpenSSH format.
Resolved issues
* it was not possible to invert an EC point anymore.
* fix printing of DSA keys.
* `DSA.generate()` was not always using the `randfunc` input.
* the MD2 hash had block size of 64 bytes instead of 16; as a result the HMAC construction gave incorrect results.
|
|
Revision 0.4.7:
- Added `isInconsistent` property to all constructed types. This property
conceptually replaces `verifySizeSpec` method to serve a more general
purpose e.g. ensuring all required fields are in a good shape. By default
this check invokes subtype constraints verification and is run by codecs
on value de/serialisation.
- Deprecate `subtypeSpec` attributes and keyword argument. It is now
recommended to pass `ValueSizeConstraint`, as well as all other constraints,
to `subtypeSpec`.
- Fixed a design bug in a way of how the items assigned to constructed
types are verified. Now if `Asn1Type`-based object is assigned, its
compatibility is verified based on having all tags and constraint
objects as the type in field definition. When a bare Python value is
assigned, then field type object is cloned and initialized with the
bare value (constraints verification would run at this moment).
- Added `WithComponentsConstraint` along with related
`ComponentPresentConstraint` and `ComponentAbsentConstraint` classes
to be used with `Sequence`/`Set` types representing
`SET ... WITH COMPONENTS ...` like ASN.1 constructs.
|
|
- Support notifications for renewal: email, mailgun, sendgrid, IFTTT, pushover etc. https://github.com/Neilpang/acme.sh/wiki/notify
- add deploy hook to docker containers: https://github.com/Neilpang/acme.sh/wiki/deploy-to-docker-containers
- dns api: Schlundtech, NLnetLabs , acmeproxy, durabledns, Active24, MaraDNS, regru, jdcloud.com(京东云), Vultr, hexonet
- Support cloudflare new dns api Token format
- bug fixes.
|
|
Pkgsrc changes:
* Adapt patch to enforcer/utils/Makefile.in
Upstream changes:
* OPENDNSSEC-888: Fixup database conversion script.
* OPENDNSSEC-752: Incorrect calculated number of KSKs needed when KSK and ZSK
have exactly the same parameters.
* OPENDNSSEC-890: Bogus signatures upon wrong zone input when TTLs for
same rrset are mismatching.
|
|
5.61.0
Move kwalletd initialization earlier
Remove kde4 migration agent completely
5.58.0
Set correct kwalletd_bin_path
Export path of kwalletd binary for kwallet_pam
|
|
changes unknown
|
|
5.59.0
Don't hardcode dbus policy install dir
5.58.0
Force KAuth helpers to have UTF-8 support
|
|
1.4.0:
* Added the session_key attribute to the NtlmContext class so the session key can be accessed in downstream libraries
|
|
Release 1.18.0:
Added support for GSSAPI ECDH and Edwards DH key exchange algorithms.
Fixed gssapi-with-mic authentication to work with GSS key exchanges, in cases where gssapi-keyex is not supported.
Made connect_ssh and connect_reverse_ssh methods into async context managers, simplifying the syntax needed to use them to create tunneled SSH connections.
Fixed a couple of issues with known hosts matching on tunneled SSH connections.
Improved flexibility of key/certificate parser automatic format detection to properly recognize PEM even when other arbitrary text is present at the beginning of the file. With this change, the parser can also now handle mixing of multiple key formats in a single file.
Added support for OpenSSL “TRUSTED” PEM certificates. For now, no enforcement is done of the additional trust restrictions, but such certificates can be loaded and used by AsyncSSH without converting them back to regular PEM format.
Fixed some additional SFTP and SCP issues related to parsing of Windows paths with drive letters and paths with multiple colons.
Made AsyncSSH tolerant of a client which sends multiple service requests for the “ssh-userauth” service. This is needed by the Paramiko client when it tries more than one form of authentication on a connection.
|
|
|
|
This includes API changes to add support for hostname validation and
ALPN support, as well as some minor changes.
|
|
doas is a port of OpenBSD's doas which runs on FreeBSD, Linux and
NetBSD.
The doas utility is a program originally written for OpenBSD which
allows a user to run a command as though they were another
user. Typically doas is used to allow non-privileged users to run
commands as though they were the root user. The doas program acts as
an alternative to sudo, which is a popular method in the Linux
community for granting admin access to specific users.
The doas program offers two benefits over sudo: its configuration file
has a simple syntax and it is smaller, requiring less effort to audit
the code. This makes it harder for both admins and coders to make
mistakes that potentially open security holes in the system.
|
|
0.37.2:
Stop disabling TLS session tickets in Nginx as it caused TLS failures on some systems.
0.37.1:
Fixed
Stop disabling TLS session tickets in Apache as it caused TLS failures on some systems.
0.37.0:
Added
Turn off session tickets for apache plugin by default
acme: Authz deactivation added to acme module.
Changed
Follow updated Mozilla recommendations for Nginx ssl_protocols, ssl_ciphers, and ssl_prefer_server_ciphers
Fixed
Fix certbot-auto failures on RHEL 8.
|
|
|
|
1.2.0:
* Support for Python 2.6 and 3.3 has been removed.
* Known incompatibilities with Python 3.8 have been resolved.
|
|
0.064:
- fix libtommath patch - building on HP-UX 11.11 / PA-RISC
- necessary XS adaptation to the latest libtommath
- bundled libtomcrypt update branch:develop
|
|
Some of the upstream changes since 0.4.0 :
* OpenSSL binary path is now configurable
* Support for ACME v02
* Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
* Use new ACME v2 endpoint by default
* Initial support for tls-alpn-01 validation
* OCSP refresh interval is now configurable
Full changelog available here :
https://github.com/lukas2511/dehydrated/blob/v0.6.5/CHANGELOG
|
|
Despite the changelog, the meson files are not included in
the distribution, so keep using autoconf for this release.
0.18.8
* Add support for g_autoptr() to our types [!11]
* Remove deprecated g_type_class_add_private() [!14]
* Bump GLib dependency (2.44+)
* Add meson build support [!9]
* Fix vapi generation [!15, ...]
* Build fixes [!12, !13]
* Updated translations
|
|
|
|
|
|
Minisign is a dead simple tool to sign files and verify signatures.
It is portable, lightweight, and uses the highly secure Ed25519 public-key
signature system.
OK kamil@
|
|
|
|
|
|
X - Certificate and Key management
This application is intended for creating and managing X.509
certificates, certificate requests, RSA, DSA and EC private keys,
Smartcards and CRLs. Everything that is needed for a CA is
implemented. All CAs can sign sub-CAs recursively. These certificate
chains are shown clearly. For an easy company-wide use there are
customisable templates that can be used for certificate or request
generation.
All cryptographic data is stored in a SQL database. SQLite, MySQL
(MariaDB) and PostgreSQL databases are supported.
|
|
3.1.0:
OAuth2.0 Provider - Features
OIDC add support of nonce, c_hash, at_hash fields
New RequestValidator.fill_id_token method
Deprecated RequestValidator.get_id_token method
OIDC add UserInfo endpoint
New RequestValidator.get_userinfo_claims method
OAuth2.0 Provider - Security
Enhance data leak to logs
New default to not expose request content in logs
New function oauthlib.set_debug(True)
Disabling query parameters for POST requests
OAuth2.0 Provider - Bugfixes
Fix validate_authorization_request to return the new PKCE fields
Fix token_type to be case-insensitive (bearer and Bearer)
OAuth2.0 Client - Bugfixes
Fix Authorization Code's errors processing
BackendApplication.Client.prepare_request_body use the "scope" argument as intended.
Fix edge case when expires_in=Null
OAuth1.0 Client
Add case-insensitive headers to oauth1 BaseEndpoint
|
|
|
|
Implementation of elliptic curve cryptography using the Montgomery
and Edwards curves Curve25519, Ed25519, Ed448-Goldilocks and
Curve448, using the Decaf / Ristretto encoding.
|
|
|
|
v1.6.1:
Features
* Windows support, with wheels!
* GSSAPI extension rfc4178 (set_neg_mechs) support
* Expose mechanisms in the high-level API
* Test suite improvements
Documentation
* Add documentation for common cred store values
* Documentation typo fixes
|
|
2019.6.16:
Unknown changes
|
|
Bindings to OpenSSL libssl and libcrypto, plus custom SSH key parsers.
Supports RSA, DSA and EC curves P-256, P-384, P-521, and curve25519.
Cryptographic signatures can either be created and verified manually
or via x509 certificates. AES can be used in cbc, ctr or gcm mode for
symmetric encryption; RSA for asymmetric (public key) encryption or EC
for Diffie Hellman. High-level envelope functions combine RSA and AES
for encrypting arbitrary sized data. Other utilities include key
generators, hash functions (md5, sha1, sha256, etc), base64 encoder, a
secure random number generator, and 'bignum' math methods for manually
performing crypto calculations on large multibyte integers.
|
|
Cross-platform utilities for prompting the user for credentials or a
passphrase, for example to authenticate with a server or read a
protected key. Includes native programs for MacOS and Windows, hence
no 'tcltk' is required. Password entry can be invoked in two different
ways: directly from R via the askpass() function, or indirectly as
password-entry back-end for 'ssh-agent' or 'git-credential' via the
SSH_ASKPASS and GIT_ASKPASS environment variables. Thereby the user
can be prompted for credentials or a passphrase if needed when R calls
out to git or ssh.
|
|
The canonical form [1] of an R package Makefile includes the
following:
- The first stanza includes R_PKGNAME, R_PKGVER, PKGREVISION (as
needed), and CATEGORIES.
- HOMEPAGE is not present but defined in math/R/Makefile.extension to
refer to the CRAN web page describing the package. Other relevant
web pages are often linked from there via the URL field.
This updates all current R packages to this form, which will make
regular updates _much_ easier, especially using pkgtools/R2pkg.
[1] http://mail-index.netbsd.org/tech-pkg/2019/08/02/msg021711.html
|
|
Add a pkg-config file.
|
|
pdf files have gone, and the html tree reorganised.
|
|
Remove rar support to workaround PR pkg/54420
This release includes 3 extra security related bug fixes that do not
apply to prior versions. In addition, it includes a number of minor bug
fixes and improvements.
* Fixes for the following vulnerabilities affecting 0.101.1 and
prior:
+ CVE-2019-1787: An out-of-bounds heap read condition may occur
when scanning PDF documents. The defect is a failure to
correctly keep track of the number of bytes remaining in a
buffer when indexing file data.
+ CVE-2019-1789: An out-of-bounds heap read condition may occur
when scanning PE files (i.e. Windows EXE and DLL files) that
have been packed using Aspack as a result of inadequate
bound-checking.
+ CVE-2019-1788: An out-of-bounds heap write condition may occur
when scanning OLE2 files such as Microsoft Office 97-2003
documents. The invalid write happens when an invalid pointer
is mistakenly used to initialize a 32bit integer to zero. This
is likely to crash the application.
* Fixes for the following ClamAV vulnerabilities:
+ CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking
feature that could allow an unauthenticated, remote attacker
to cause a denial of service (DoS) condition on an affected
device. Reported by Secunia Research at Flexera.
+ Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing
code. Reported by Alex Gaynor.
* Fixes for the following vulnerabilities in bundled third-party
libraries:
+ CVE-2018-14680: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. It does not reject blank CHM
filenames.
+ CVE-2018-14681: An issue was discovered in kwajd_read_headers
in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file
header extensions could cause a one or two byte overwrite.
+ CVE-2018-14682: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an off-by-one error in the
TOLOWER() macro for CHM decompression.
+ Additionally, 0.100.2 reverted 0.100.1's patch for
CVE-2018-14679, and applied libmspack's version of the fix in
its place.
* Fixes for the following CVEs:
+ CVE-2017-16932: Vulnerability in libxml2 dependency (affects
ClamAV on Windows only).
+ CVE-2018-0360: HWP integer overflow, infinite loop
vulnerability. Reported by Secunia Research at Flexera.
+ CVE-2018-0361: ClamAV PDF object length check, unreasonably
long time to parse relatively small file. Reported by aCaB.
For the full release notes, see:
https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.101.2/NEWS.md
|
|
Release 1.17.1:
Improved construction of file paths in SFTP to better handle native Windows source paths containing backslashes or drive letters.
Improved SFTP parallel I/O for large reads and file copies to better handle the case where a read returns less data than what was requested when not at the end of the file, allowing AsyncSSH to get back the right result even if the requested block size is larger than the SFTP server can handle.
Fixed an issue where the requested SFTP block_size wasn’t used in the get, copy, mget, and mcopy functions if it was larger than the default size of 16 KB.
Fixed a problem where the list of client keys provided in an SSHClientConnectionOptions object wasn’t always preserved properly across the opening of multiple SSH connections.
Changed SSH agent client code to avoid printing a warning on Windows when unable to connect to the SSH agent using the default path. A warning will be printed if the agent_path or SSH_AUTH_SOCK is explicitly set, but AsyncSSH will remain quiet if no agent path is set and no SSH agent is running.
Made AsyncSSH tolerant of unexpected authentication success/failure messages sent after authentication completes. AsyncSSH previously treated this as a protocol error and dropped the connection, while most other SSH implementations ignored these messages and allowed the connection to continue.
Made AsyncSSH tolerant of SFTP status responses which are missing error message and language tag fields, improving interoperability with servers that omit these fields. When missing, AsyncSSH treats these fields as if they were set to empty strings.
|
|
1.6.0:
Unknown changes
|
|
Revision 0.2.6:
- Added RFC3560 providing RSAES-OAEP Key Transport Algorithm
in CMS
- Added RFC6019 providing BinaryTime - an alternate format
for representing Date and Time
- RFC3565 superseded by RFC5649
- Added RFC5480 providing Elliptic Curve Cryptography Subject
Public Key Information
- Added RFC8520 providing X.509 Extensions for MUD URL and
MUD Signer
- Added RFC3161 providing Time-Stamp Protocol support
- Added RFC3709 providing Logotypes in X.509 Certificates
- Added RFC3274 providing CMS Compressed Data Content Type
- Added RFC4073 providing Multiple Contents protection with CMS
- Added RFC2634 providing Enhanced Security Services for S/MIME
- Added RFC5915 providing Elliptic Curve Private Key
- Added RFC5940 providing CMS Revocation Information Choices
- Added RFC7296 providing IKEv2 Certificate Bundle
- Added RFC8619 providing HKDF Algorithm Identifiers
- Added RFC7191 providing CMS Key Package Receipt and Error Content
Types
- Added openType support for ORAddress Extension Attributes and
Algorithm Identifiers in the RFC5280 module
- Added RFC5035 providing Update to Enhanced Security Services for
S/MIME
- Added openType support for CMS Content Types and CMS Attributes
in the RFC5652 module
- Added openType support to RFC 2986 by importing definitions from
the RFC 5280 module so that the same maps are used.
- Added maps for use with openType to RFC 2634, RFC 3274, RFC 3709,
RFC 3779, RFC 4055, RFC 4073, RFC 4108, RFC 5035, RFC 5083, RFC 5480,
RFC 5940, RFC 5958, RFC 6010, RFC 6019, RFC 6402, RFC 7191, RFC 8226,
and RFC 8520
- Changed `ValueSizeConstraint` erroneously applied to `SequenceOf`
and `SetOf` objects via `subtypeConstraint` attribute to be applied
via `sizeSpec` attribute. Although `sizeSpec` takes the same constraint
objects as `subtypeConstraint`, the former is only verified on
de/serialization i.e. when the [constructed] object at hand is fully
populated, while the latter is applied to [scalar] types at the moment
of instantiation.
|
|
Revision 0.4.6:
- Added previously missing SET OF ANY construct encoding/decoding support.
- Added omitEmptyOptionals option which is respected by Sequence
and Set encoders. When omitEmptyOptionals is set to True, empty
initialized optional components are not encoded. Default is False.
- New elements to SequenceOf/SetOf objects can now be added at any
position - the requirement for the new elements to reside at the end
of the existing ones (i.e. s[len(s)] = 123) is removed.
- List-like slicing support added to SequenceOf/SetOf objects.
- Removed default initializer from SequenceOf/SetOf types to ensure
consistent behaviour with the rest of ASN.1 types. Before this change,
SequenceOf/SetOf instances immediately become value objects behaving
like an empty list. With this change, SequenceOf/SetOf objects
remain schema objects unless a component is added or .clear() is
called.
This change can potentially cause incompatibilities with existing
pyasn1 objects which assume SequenceOf/SetOf instances are value
objects right upon instantiation.
The behaviour of Sequence/Set types depends on the componentType
initializer: if no componentType is given, the behaviour is the
same as SequenceOf/SetOf have. If componentType is given, but
neither optional nor defaulted components are present, the created
instance remains schema object. If, however, either optional or
defaulted component is present, the created instance immediately
becomes a value object.
- Added .reset() method to all constructed types to turn value object
into a schema object.
- Added PyAsn1UnicodeDecodeError/PyAsn1UnicodeDecodeError exceptions
to help the caller treating unicode errors happening internally
to pyasn1 at the upper layers.
- Added support for subseconds CER/DER encoding edge cases in
GeneralizedTime codec.
- Fixed 3-digit fractional seconds value CER/DER encoding of
GeneralizedTime.
- Fixed AnyDecoder to accept possible TagMap as asn1Spec
to make dumping raw value operational
|
|
Changes:
* Support TLS-alpn mode.
* Support Post-As-Get
* Support Buypass.com CA
* Support 12 more dns api.
* Bug fixes.
* Use letsencrypt v2 api as default.
* Use dns over tls to check domain status.
* Support Windows native task scheduler for cronjob.
* fix IDN name issues.
* fix other issues.
|