path: root/security
Age | Commit message | Author | Files | Lines
2022-01-22 | py-aes: fix PLIST for python 2.7 | wiz | 1 | -1/+2
2022-01-22 | py-crack: fix PLIST for python 2.7 | wiz | 2 | -2/+7
2022-01-22 | py-crcmod: fix PLIST for python 2.7 | wiz | 1 | -1/+2
2022-01-22 | py-openid: convert to egg.mk | wiz | 2 | -5/+6
2022-01-22 | py-xmlsec: convert to egg.mk | wiz | 2 | -5/+5
2022-01-19 | skey: fix building on Solaris 10 | nia | 1 | -1/+2
PR pkg/56636
2022-01-19 | gnupg2: Fix building on Solaris 10 | nia | 1 | -2/+2
PR pkg/56638
2022-01-19 | gnutls: updated to 3.7.3 | adam | 8 | -157/+25
Version 3.7.3 (released 2022-01-17)

** libgnutls: The allowlisting configuration mode has been added to the system-wide settings. In this mode, all the algorithms are initially marked as insecure or disabled, while the applications can re-enable them either through the [overrides] section of the configuration file or the new API.

** The build infrastructure no longer depends on GNU AutoGen for generating command-line option handling, template file parsing in certtool, and documentation generation. This change also removes run-time or bundled dependency on the libopts library, and requires Python 3.6 or later to regenerate the distribution tarball.

Note that this brings in known backward incompatibility in command-line tools, such as long options are now case sensitive, while previously they were treated in a case insensitive manner: for example --RSA is no longer a valid option of certtool. The existing scripts using GnuTLS tools may need adjustment for this change.

** libgnutls: The tpm2-tss-engine compatible private blobs can be loaded and used as a gnutls_privkey_t. The code was originally written for the OpenConnect VPN project by David Woodhouse. To generate such blobs, use the tpm2tss-genkey tool from tpm2-tss-engine: https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations or the tpm2_encodeobject tool from unreleased tpm2-tools.

** libgnutls: The library now transparently enables Linux KTLS (kernel TLS) when the feature is compiled in with --enable-ktls configuration option. If the KTLS initialization fails it automatically falls back to the user space implementation.

** certtool: The certtool command can now read the Certificate Transparency (RFC 6962) SCT extension. New API functions are also provided to access and manipulate the extension values.

** certtool: The certtool command can now generate, manipulate, and evaluate x25519 and x448 public keys, private keys, and certificates.

** libgnutls: Disabling a hashing algorithm through "insecure-hash" configuration directive now also disables TLS ciphersuites that use it as a PRF algorithm.

** libgnutls: PKCS#12 files are now created with modern algorithms by default. Previously certtool used PKCS12-3DES-SHA1 for key derivation and HMAC-SHA1 as an integrity measure in PKCS#12. Now it uses AES-128-CBC with PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the default PBKDF2 iteration count has been increased to 600000.

** libgnutls: PKCS#12 keys derived using GOST algorithm now uses HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, to conform with the latest TC-26 requirements.

** libgnutls: The library now provides a means to report the status of approved cryptographic operations. To adhere to the FIPS140-3 IG 2.4.C., this complements the existing mechanism to prohibit the use of unapproved algorithms by making the library unusable state.

** gnutls-cli: The gnutls-cli command now provides a --list-config option to print the library configuration.

** libgnutls: Fixed possible race condition in gnutls_x509_trust_list_verify_crt2 when a single trust list object is shared among multiple threads. [GNUTLS-SA-2022-01-17, CVSS: low]

** API and ABI modifications:
GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t
GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags
gnutls_ecc_curve_set_enabled: Added.
gnutls_sign_set_secure: Added.
gnutls_sign_set_secure_for_certs: Added.
gnutls_digest_set_secure: Added.
gnutls_protocol_set_enabled: Added.
gnutls_fips140_context_init: New function
gnutls_fips140_context_deinit: New function
gnutls_fips140_push_context: New function
gnutls_fips140_pop_context: New function
gnutls_fips140_get_operation_state: New function
gnutls_fips140_operation_state_t: New enum
gnutls_transport_is_ktls_enabled: New function
gnutls_get_library_configuration: New function
2022-01-19 | security/hercules4sdl-crypto: add missing patch file. | rhialto | 1 | -0/+33
2022-01-19 | py-smbpasswd: convert to egg.mk | wiz | 2 | -5/+10
2022-01-19 | py-denyhosts: convert to egg.mk | wiz | 2 | -8/+13
2022-01-19 | py-OTXv2: convert to egg.mk | wiz | 2 | -5/+10
2022-01-19 | py-Des: remove | wiz | 5 | -39/+1
This is a DES implementation in python, last updated in 2010. Nothing in pkgsrc uses it.
2022-01-19 | *: fix for python 3.x | wiz | 3 | -6/+18
2022-01-18 | Bump packages that depend on GHC | pho | 26 | -51/+52
2022-01-16 | py-pip-audit: update to 1.1.2. | wiz | 3 | -38/+6
## [1.1.2] - 2022-01-13

### Fixed

* A pin on one of `pip-audit`'s dependencies was fixed
  ([#213](https://github.com/trailofbits/pip-audit/pull/213))

2022-01-16 | lua-bcrypt: update to 2.2.1 | nia | 4 | -12/+70
Contains various cleanups.
2022-01-15 | Update to 20220114. From the changelog: | schmonz | 8 | -84/+14
- added "experimental" support for delayed encryption (option -nN)
- add tlswrapper-smtp (STARTTLS support for old inetd-style SMTP servers)
2022-01-14 | *: python2 egg files are back, add them to the PLISTs | wiz | 7 | -123/+121
2022-01-14 | *: remove workaround patches for python 3.6 | wiz | 2 | -19/+1
2022-01-14 | py-pbkdf2: remove incorrect EGG_NAME | wiz | 1 | -2/+1
2022-01-13 | *: setuptools_scm: switch to versioned_dependencies | wiz | 3 | -6/+12
2022-01-13 | security/clamav: update to 0.103.5 | taca | 3 | -8/+7
0.103.5 (2022-01-12)

ClamAV 0.103.5 is a critical patch release with the following fixes:

* CVE-2022-20698 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698>:
  Fix for invalid pointer read that may cause a crash. This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json option) is enabled.

  Cisco would like to thank Laurent Delosieres of ManoMano for reporting this vulnerability.

* Fixed ability to disable the file size limit with libclamav C API, like this:

    cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);

  This issue didn't affect ClamD or ClamScan which also can disable the limit by setting it to zero using MaxFileSize 0 in clamd.conf for ClamD, or clamscan --max-filesize=0 for ClamScan.

  Note: Internally, the max file size is still set to 2 GiB. Disabling the limit for a scan will fall back on the internal 2 GiB limitation.

* Increased the maximum line length for ClamAV config files from 512 bytes to 1,024 bytes to allow for longer config option strings.

* SigTool: Fix insufficient buffer size for --list-sigs that caused a failure when listing a database containing one or more very long signatures. This fix was backported from 0.104.

Special thanks to the following for code contributions and bug reports:

* Laurent Delosieres
2022-01-13 | libksba: updated to 1.6.0 | adam | 2 | -7/+6
Noteworthy changes in version 1.6.0 (2021-06-10) [C22/A14/R0]
------------------------------------------------

 * Limited support for the Authenticated-Enveloped-Data content type. [81fdcd680c12]
 * Support password based decryption. [cb7f2484a09c]
 * Fix build problem on macOS.
 * Silence warnings from static analyzers.

 * Interface changes relative to the 1.5.0 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 KSBA_CT_AUTHENVELOPED_DATA NEW.

 Release-info: https://dev.gnupg.org/T5479

Noteworthy changes in version 1.5.1 (2021-04-06) [C21/A13/R1]
------------------------------------------------

 * Support Brainpool curves specified by ECDomainParameters.

 Release-info: https://dev.gnupg.org/T5379

Noteworthy changes in version 1.5.0 (2020-11-18) [C21/A13/R0]
------------------------------------------------

 * ksba_cms_identify now identifies OpenPGP keyblock content.
 * Supports TR-03111 plain format ECDSA signature verification.
 * Fixes a CMS signed data parser bug exhibited by a somewhat strange CMS message. [b6438e768c]

 * Interface changes relative to the 1.4.0 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 KSBA_CT_OPENPGP_KEYBLOCK NEW.

 Release-info: https://dev.gnupg.org/T5146

2022-01-13 | pinentry: updated to 1.2.0 | adam | 9 | -74/+57
Noteworthy changes in version 1.2.0 (2021-08-25)
------------------------------------------------

 * qt: Show a warning if Caps Lock is on on Windows, X11 (requires libX11 and Qt5X11Extras), and Wayland (requires KF5WaylandClient). [T4950]
 * qt: Support password formatting. This makes generated passwords easier to transcript. [T5517]
 * qt: Fix showing of pinentry window on Wayland. [T5528]
 * qt: Check passphrase constraints before accepting passphrase if passphrase constraints are requested to be enforced. [T5532]
 * qt: Improve detection of running in a GUI session. [T3659]
 * qt: Improve accessibility when entering new password.

2022-01-13 | gcr: updated to 3.38.1 | adam | 3 | -21/+18
gcr 3.38.1:
- ui: Set "use-underline" for GcrImportButton
- Updated Chinese (Taiwan) translation
2022-01-12 | To fix Linux readv/writev, back-port: | dsainty | 3 | -6/+10
https://github.com/ZoneMinder/zoneminder/commit/417421b1d869d1b71c8ec1a1e3b082fcede6ce58#diff-484f666f58ec13f38fa402143f2f6ad8e63a013909d3941ffbb3d66745b20c8d

This is also needed by the Pkgsrc WIP version.

Bump PKGREVISION - though this change is unlikely to alter the outcome of previously successful builds.
2022-01-11 | Apply upstream c023d98dcf2ba1cc30f545ae54d0e037e80a8794: | schmonz | 3 | -10/+47
Darwin platform allows to build on releases before Yosemite/ios 8. Fixes build on Snow Leopard. Still builds on Monterey.
2022-01-11 | Omit "-MT $@" from generated make rules, as it breaks SunPro builds and | schmonz | 3 | -9/+24
"-o $@" is already sufficient.

Also for SunPro, set OPENSSL_HOST.SunOS-x86_64=solaris64-x86_64-cc (that's cc, not gcc) to avoid this error linking libcrypto.so:

cc: Warning: Option --libgcc passed to ld, if ld is invoked, ignored otherwise
cc: No valid input files specified, no output generated

"make package" succeeds on:

- Solaris 11 with "Studio 12.6 Sun C 5.15"
- Tribblix m25.1 with pkgsrc gcc7
- CentOS 7 with pkgsrc gcc7
- FreeBSD 13 with system clang
- OpenBSD 7.0 with system clang
- NetBSD 9.2 and -current with system gcc
- CentOS 8 with system gcc
- Debian 11, 10, 9 with system gcc
- Devuan 4 with system gcc
- Ubuntu 21, 18, 16, 14 with system gcc
- Void with system gcc
- Gentoo with system gcc
2022-01-11 | py-gnupg: updated to 0.4.8 | adam | 5 | -22/+38
Switch to python-gnupg. This module allows easy access to GnuPG’s key management, encryption and signature functionality from Python programs. It is intended for use with Python 2.4 or greater.
2022-01-10 | py-simplesha3: convert to egg.mk | wiz | 2 | -4/+10
2022-01-10 | py-mcrypt: convert to egg.mk | wiz | 2 | -5/+4
2022-01-10 | py-crack: fix for python 2.7 | wiz | 1 | -5/+5
2022-01-10 | py-pydeep: convert to egg.mk | wiz | 2 | -4/+8
2022-01-10 | py-crcmod: fix for python 2.7 | wiz | 1 | -5/+5
2022-01-10 | py-backports.ssl_match_hostname: convert to egg.mk | wiz | 2 | -5/+5
2022-01-10 | py-aes: fix for python 2.7 | wiz | 1 | -5/+5
2022-01-10 | py-tlslite: convert to egg.mk | wiz | 2 | -108/+112
2022-01-10 | py-cryptkit: convert to egg.mk | wiz | 2 | -5/+4
2022-01-10 | pcsc-lite: updated to 1.9.5 | adam | 6 | -86/+21
1.9.5: Ludovic Rousseau 4 December 2021
- pcscd: autoexit even if no client connects
- Fix variable substitution in systemd units
- fix potential race conditions with powerState handling
- Add and use tag TAG_IFD_DEVICE_REMOVED
- UnitaryTests: port code to Python 3

1.9.4: Ludovic Rousseau 1 October 2021
- fix a memory leak when libusb is used for hotplug (i.e. non-Linux systems)

1.9.3: Ludovic Rousseau 6 August 2021
- fix a stupid regression with systemd introduced in the previous version

1.9.2: Ludovic Rousseau 3 August 2021
- improve NetBSD support
- pcsc-spy: version 1.1
  . add option -t|--thread
  . x10 speed increase
  . correctly exit at end-of-file
  . remove, now useless, support of macOS
- systemd:
  . use /etc/default/pcscd as EnvironmentFile
  . use $PCSCD_ARGS to specify more arguments
- SetProtocol: Handle IFD_NOT_SUPPORTED from the driver
- hotplug_libudev.c: sanitize interface name
- pcsc_demo: change licence from GPLv3 to BSD
- use Python 3 for Python scripts (pcsc-spy, UnitaryTests)
- Some other minor improvements

2022-01-10 | security/php-gnupg: update to 1.5.1 | taca | 2 | -6/+6
1.5.1 (2021-12-31)
* Fixed compilation with PHP 8.1
* Fixed build with gpgme 1.4
2022-01-10 | py-gnupg: convert to egg.mk | wiz | 2 | -5/+4
2022-01-10 | py-crcmod: convert to egg.mk | wiz | 2 | -4/+8
2022-01-10 | py-crack: convert to egg.mk | wiz | 2 | -5/+10
2022-01-10 | py-aes: convert to egg.mk | wiz | 2 | -4/+8
2022-01-10 | pius: convert to egg.mk | wiz | 2 | -20/+23
2022-01-10 | fail2ban: convert to egg.mk | wiz | 2 | -7/+8
2022-01-10 | Add hashcat | khorben | 1 | -1/+2
2022-01-10 | hashcat: import version 6.2.5 | khorben | 9 | -0/+2304
hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 160 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware-accelerators on Linux, Windows and OSX, and has facilities to help enable distributed password cracking.

From pkgsrc-wip, original packaging by adam@; thanks!
2022-01-10 | *: Recursive revbump from boost 1.78.0 | ryoon | 7 | -14/+14