| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
2.027 2016/04/20
- only added Changes for 2.026
2.026 2016/04/20
- update default server and client ciphers based on recommendation of
Mozilla and what the current browsers use. Notably this finally disables
RC4 for the client (was disabled for server long ago) and adds CHACHA20.
|
|
does not compile on either.
|
|
|
|
Changes:
16.0.0 (2016-03-19)
-------------------
This is the first release under full stewardship of PyCA.
We have made *many* changes to make local development more pleasing.
The test suite now passes both on Linux and OS X with OpenSSL 0.9.8,
1.0.1, and 1.0.2. It has been moved to `py.test <https://pytest.org/>`_,
all CI test runs are part of `tox <https://testrun.org/tox/>`_ and
the source code has been made fully `flake8
<https://flake8.readthedocs.org/>`_ compliant.
We hope to have lowered the barrier for contributions significantly
but are open to hear about any remaining frustrations.
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Python 3.2 support has been dropped.
It never had significant real world usage and has been dropped
by our main dependency ``cryptography``. Affected users should
upgrade to Python 3.3 or later.
Deprecations:
^^^^^^^^^^^^^
- The support for EGD has been removed.
The only affected function ``OpenSSL.rand.egd()`` now uses
``os.urandom()`` to seed the internal PRNG instead. Please see
`pyca/cryptography#1636
<https://github.com/pyca/cryptography/pull/1636>`_ for more
background information on this decision. In accordance with our
backward compatibility policy ``OpenSSL.rand.egd()`` will be
*removed* no sooner than a year from the release of 16.0.0.
Please note that you should `use urandom
<http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>`_
for all your secure random number needs.
- Python 2.6 support has been deprecated.
Our main dependency ``cryptography`` deprecated 2.6 in version
0.9 (2015-05-14) with no time table for actually dropping it.
pyOpenSSL will drop Python 2.6 support once ``cryptography``
does.
Changes:
^^^^^^^^
- Fixed ``OpenSSL.SSL.Context.set_session_id``,
``OpenSSL.SSL.Connection.renegotiate``,
``OpenSSL.SSL.Connection.renegotiate_pending``, and
``OpenSSL.SSL.Context.load_client_ca``.
They were lacking an implementation since 0.14. `#422
<https://github.com/pyca/pyopenssl/pull/422>`_
- Fixed segmentation fault when using keys larger than 4096-bit to sign data.
`#428 <https://github.com/pyca/pyopenssl/pull/428>`_
- Fixed ``AttributeError`` when ``OpenSSL.SSL.Connection.get_app_data()``
was called before setting any app data.
`#304 <https://github.com/pyca/pyopenssl/pull/304>`_
- Added ``OpenSSL.crypto.dump_publickey()`` to dump ``OpenSSL.crypto.PKey``
objects that represent public keys, and ``OpenSSL.crypto.load_publickey()``
to load such objects from serialized representations.
`#382 <https://github.com/pyca/pyopenssl/pull/382>`_
- Added ``OpenSSL.crypto.dump_crl()`` to dump a certificate revocation
list out to a string buffer.
`#368 <https://github.com/pyca/pyopenssl/pull/368>`_
- Added ``OpenSSL.SSL.Connection.get_state_string()`` using the
OpenSSL binding ``state_string_long``.
`#358 <https://github.com/pyca/pyopenssl/pull/358>`_
- Added support for the ``socket.MSG_PEEK`` flag to
``OpenSSL.SSL.Connection.recv()`` and
``OpenSSL.SSL.Connection.recv_into()``.
`#294 <https://github.com/pyca/pyopenssl/pull/294>`_
- Added ``OpenSSL.SSL.Connection.get_protocol_version()`` and
``OpenSSL.SSL.Connection.get_protocol_version_name()``.
`#244 <https://github.com/pyca/pyopenssl/pull/244>`_
- Switched to ``utf8string`` mask by default.
OpenSSL formerly defaulted to a ``T61String`` if there were UTF-8
characters present. This was changed to default to ``UTF8String``
in the config around 2005, but the actual code didn't change it
until late last year. This will default us to the setting that
actually works. To revert this you can call
``OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")``.
`#234 <https://github.com/pyca/pyopenssl/pull/234>`_
|
|
(due the deprecation of RTF_LLINFO).
Bump PKGREVISION.
Reviewed by <ozaki-r>.
|
|
Noteworthy changes in version 1.7.0 (2016-04-15) [C21/A1/R0]
------------------------------------------------
* New algorithms and modes:
- SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.
- SHAKE128 and SHAKE256 extendable-output hash algorithms.
- ChaCha20 stream cipher.
- Poly1305 message authentication algorithm
- ChaCha20-Poly1305 Authenticated Encryption with Associated Data
mode.
- OCB mode.
- HMAC-MD2 for use by legacy applications.
* New curves for ECC:
- Curve25519.
- sec256k1.
- GOST R 34.10-2001 and GOST R 34.10-2012.
* Performance:
- Improved performance of KDF functions.
- Assembler optimized implementations of Blowfish and Serpent on
ARM.
- Assembler optimized implementation of 3DES on x86.
- Improved AES using the SSSE3 based vector permutation method by
Mike Hamburg.
- AVX/BMI is used for SHA-1 and SHA-256 on x86. This is for SHA-1
about 20% faster than SSSE3 and more than 100% faster than the
generic C implementation.
- 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.
- 60-90% speedup for Whirlpool on x86.
- 300% speedup for RIPE MD-160.
- Up to 11 times speedup for CRC functions on x86.
* Other features:
- Improved ECDSA and FIPS 186-4 compliance.
- Support for Montgomery curves.
- gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
algorithm.
- gcry_mpi_ec_sub to subtract two points on a curve.
- gcry_mpi_ec_decode_point to decode an MPI into a point object.
- Emulation for broken Whirlpool code prior to 1.6.0. [from 1.6.1]
- Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied
hash part.
- Parameter "saltlen" to set a non-default salt length for RSA PSS.
- A SP800-90A conforming DRNG replaces the former X9.31 alternative
random number generator.
- Map deprecated RSA algo number to the RSA algo number for better
backward compatibility. [from 1.6.2]
- Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
[from 1.6.3]
- Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical]. [from 1.6.3]
- Flag "no-keytest" for ECC key generation. Due to a bug in
the parser that flag will also be accepted but ignored by older
version of Libgcrypt. [from 1.6.4]
- Speed up the random number generator by requiring less extra
seeding. [from 1.6.4]
- Always verify a created RSA signature to avoid private key leaks
due to hardware failures. [from 1.6.4]
- Mitigate side-channel attack on ECDH with Weierstrass curves
[CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
details. [from 1.6.5]
* Internal changes:
- Moved locking out to libgpg-error.
- Support of the SYSROOT envvar in the build system.
- Refactor some code.
- The availability of a 64 bit integer type is now mandatory.
* Bug fixes:
- Fixed message digest lookup by OID (regression in 1.6.0).
- Fixed a build problem on NetBSD
- Fixed memory leaks in ECC code.
- Fixed some asm build problems and feature detection bugs.
* Interface changes relative to the 1.6.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcry_cipher_final NEW macro.
GCRY_CIPHER_MODE_CFB8 NEW constant.
GCRY_CIPHER_MODE_OCB NEW.
GCRY_CIPHER_MODE_POLY1305 NEW.
gcry_cipher_set_sbox NEW macro.
gcry_mac_get_algo NEW.
GCRY_MAC_HMAC_MD2 NEW.
GCRY_MAC_HMAC_SHA3_224 NEW.
GCRY_MAC_HMAC_SHA3_256 NEW.
GCRY_MAC_HMAC_SHA3_384 NEW.
GCRY_MAC_HMAC_SHA3_512 NEW.
GCRY_MAC_POLY1305 NEW.
GCRY_MAC_POLY1305_AES NEW.
GCRY_MAC_POLY1305_CAMELLIA NEW.
GCRY_MAC_POLY1305_SEED NEW.
GCRY_MAC_POLY1305_SERPENT NEW.
GCRY_MAC_POLY1305_TWOFISH NEW.
gcry_md_extract NEW.
GCRY_MD_FLAG_BUGEMU1 NEW [from 1.6.1].
GCRY_MD_GOSTR3411_CP NEW.
GCRY_MD_SHA3_224 NEW.
GCRY_MD_SHA3_256 NEW.
GCRY_MD_SHA3_384 NEW.
GCRY_MD_SHA3_512 NEW.
GCRY_MD_SHAKE128 NEW.
GCRY_MD_SHAKE256 NEW.
gcry_mpi_ec_decode_point NEW.
gcry_mpi_ec_sub NEW.
GCRY_PK_EDDSA NEW constant.
GCRYCTL_GET_TAGLEN NEW.
GCRYCTL_SET_SBOX NEW.
GCRYCTL_SET_TAGLEN NEW.
|
|
The RTM_RESOLVE symbol has been removed after the following change in
src/sys/net/route.h:
revision 1.98
date: 2016-04-04 09:37:07 +0200; author: ozaki-r; state: Exp; lines: +8 -6; commitid: r0chxU5ZkTdAqh1z;
Separate nexthop caches from the routing table
Bump PKGREVISION to 1
|
|
1.12 2015-08-16 CPAN Day release
- Add NoVersion parameter to CO::Armour->armour (GH#26)
1.11 2015-07-20
- Check that Crypt::OpenPGP::Cipher->new succeeded, RT#14033.
- Fix GH#7, when false data was discarded (@Camspi).
1.10 2015-07-06
- Update GnuPG defaults (@bk2204).
- Fix error propagation on generating RSA key (@niner).
1.09 2015-07-02
- Require Digest::SHA instead of Digest::SHA1, RT#82316 (@bk2204).
1.08 2014-11-20
- Move distribution to Dist::Zilla.
- Require Alt::Crypt::RSA::BigInt instead of Crypt::RSA.
- Apply a patch from RT#82314 (@bk2204, @kmx).
- Add a test case from GH#7, yet to be fixed (@throughnothing).
1.07 2014-06-23
- Reformatted Changes as per CPAN::Changes::Spec.
- Fixed hash randomisation bug (RT#81442).
- Documentation now references most recent "OpenPGP Message Format" RFC.
- Fixed typo in Pod (@dsteinbrunner).
- Improved ASCII armor detection (@gwillen).
|
|
Upstream changes:
2016-01-07 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version): Version 0.6.9
* DESCRIPTION (Date): Bumped Date: to current date
2016-01-06 Dirk Eddelbuettel <edd@debian.org>
* vignettes/sha1.Rmd: Small edits
2016-01-06 Thierry Onkelinx <thierry.onkelinx@inbo.be>
* R/sha1.R: Add functions to calculate stable SHA1 with floating points
* man/sha1.Rd: Add helpfile for sha1()
* tests/num2hexTest.R: unit tests for num2hex() (non exported function)
* tests/sha1Test.R: unit tests for sha1()
* NAMESPACE: Export sha1 and its methods
* DESCRIPTION: Add Thierry Onkelinx as contributor, bump Version and Date
* README.md: Add Thierry Onkelinx as contributor
* vignette/sha1.Rmd: Added
* .travis.yml: Added 'sudo: required' per recent Travis changes
2015-10-14 Dirk Eddelbuettel <edd@debian.org>
* man/digest.Rd: Remove references to inaccessible web pages
* man/hmac.Rd: Ditto
2015-10-13 Dirk Eddelbuettel <edd@debian.org>
* src/digest.c: Use uint32_t instead of int for nchar
2015-10-12 Qiang Kou <qkou@umail.iu.edu>
* src/digest.c: Use XLENGTH instead of LENGTH (PR #17, issue #16)
2015-08-06 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Title): Updated now stressing 'compact' over 'crypto'
2014-12-30 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version): Version 0.6.8
* DESCRIPTION (Date): Bumped Date: to current date
2014-12-29 Dirk Eddelbuettel <edd@debian.org>
* inst/include/pmurhashAPI.h: Added HOWTO comment to top of file
2014-12-26 Dirk Eddelbuettel <edd@debian.org>
* src/pmurhash.c: Protect against _BIG_ENDIAN defined but empty
* inst/include/pmurhash.h: Consistent four space indentation
2014-12-25 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION: Bump Date: and Version:
* src/init.c: Minor edit and removal of unused headers
2014-12-25 Wush Wu <wush978@gmail.com>
* inst/include/pmurhash.h: Export function
* src/init.c: Register function for use by other packages
2014-12-20 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version): Version 0.6.7
* DESCRIPTION (Date): Bumped Date: to current date
2014-12-19 Dirk Eddelbuettel <edd@debian.org>
* cleanup: Also remove src/symbols.rds
* src/sha2.c: Apply (slightly edited) patch from
https://www.nlnetlabs.nl/bugs-script/attachment.cgi?id=220&action=diff
to overcome the strict-aliasing warning
* src/digest.c: Use inttypes.h macro PRIx64 only on Windows
2014-12-16 Dirk Eddelbuettel <edd@debian.org>
* src/xxhash.c: Remove two semicolons to make gcc -pedantic happy
* tests/digestTest.Rout.save: Updated reflecting murmurHash test
* src/pmurhash.c: Renamed from PMurHash.c for naming consistency
* src/pmurhash.h: Renamed from PMurHash.h for naming consistency
2014-12-16 Jim Hester <james.f.hester@gmail.com>
* src/digest.c: murmurHash implementation
* tests/digestTest.R: murmurHash implementation
* R/digest.R: murmurHash implementation
* src/PMurHash.c: murmurHash implementation
* src/PMurHash.h: murmurHash implementation
2014-12-10 Dirk Eddelbuettel <edd@debian.org>
* src/xxhash.c: Applied pull request #6 by Jim Hester with updated
upstream code and already corrected UBSAN issue identified by CRAN
2014-12-09 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version): Version 0.6.6
* DESCRIPTION (Date): Bumped Date: to current date
* src/digest.c: Applied pull request #5 by Jim Hester providing
portable integer printing inttypes.h header
2014-12-08 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version): Version 0.6.5
* DESCRIPTION (Date): Bumped Date: to current date
* NAMESPACE: Expanded useDynLib() declaring C level symbols, in
particular using digest_impl to for the C-level digest
* R/AES.R: Use R symbols from NAMESPACE declaration in .Call()
* R/digest.R: Use R symbol digest_impl to load C level digest
2014-12-07 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION: Edited Title and Description
* R/digest.R: Added GPL copyright header, reindented to four spaces
* src/digest.c: Reindented to four spaces
* R/AES.R: Reindented to four spaces
* R/hmac.R: Reindented to four spaces
2014-12-06 Dirk Eddelbuettel <edd@debian.org>
* src/digest.c: Updated GPL copyright header
* src/xxhash.c: Removed two spurious ';'
* man/digest.Rd: Document 'seed' argument in \usage
* tests/digest.Rout.save: Updated for expanded tests
* DESCRIPTION: Add Jim Hester to list of Authors
2014-12-05 Dirk Eddelbuettel <edd@debian.org>
* R/digest.R: Applied pull request #3 by Jim Hester with support for
xxHash (https://code.google.com/p/xxhash/)
* src/digest.c: Ditto
* src/xxhash.c: xxHash implementation supplied as part of #3
* src/xxhash.h: xxHash implementation supplied as part of #3
* R/digest.R: Applied pull request #4 by Jim Hester with expanded
support for xxHash providing xxhash32 and xxhash64
* src/digest.c: Ditto
* man/digest.Rd: Added documentation for xxHash, corrected typos
* src/digest.R: New support for a seed parameter used by xxHash
* tests/digestTest.R: Added tests for xxHash
2014-08-15 Dirk Eddelbuettel <edd@debian.org>
* R/hmac.R: Applied (slightly edited) patch for crc32 computation of
hmac kindly supplied by Suchen Jin
|
|
|
|
(hi wiz! :))
DEPENDS on devel/py-attrs now that we have it and bump PKGREVISION.
While here also simplify MASTER_SITE.
|
|
1.74 2016-04-12
README.OSX was missing from the distribution
1.73 2016-04-11
Added X509_get_X509_PUBKEY. Patch supplied by GUILHEM. Thanks.
Added README.OSX with instructions on how to build for recent OS X.
Added info about using OPENSSL_PREFIX to README.Win32.
Added comments in POD about installation documentation.
Added '/usr/local/opt/openssl/bin/openssl' to Openssl search path for
latest version of OSX homebrew openssl. Patch from Shoichi Kaji.
|
|
Noteworthy changes in version 2.0.30 (2016-03-31)
-------------------------------------------------
* gpg: Avoid too early timeout during key generation with 2.1 cards.
* agent: Fixed printing of ssh fingerprints for 384 bit ECDSA keys.
* agent: Fixed an alignment bug related to the passphrase
confirmation.
* scdaemon: Fixed a "conflicting usage" bug.
* scdaemon: Fixed usb card reader removal problem on Windows 8 and
later.
* Fixed a problem on AIX due to peculiarity with RLIMIT_NOFILE.
* Updated the Japanese and Dutch translations.
* Fixed a few other bugs.
|
|
Version 3.4.1 - released 2006-03-26
----------------------------------------
- Included tests/private.pem in MANIFEST.in
- Included README.md and CHANGELOG.txt in MANIFEST.in
|
|
Upstream changes:
2016-03-09 Gisle Aas <gisle@ActiveState.com>
Release 2.55
Gordon Stanton (2):
Make use warnings work including test cases.
Initial Travis config
Gisle Aas (1):
Avoid warning: 'static' is not at beginning of declaration [RT#105646]
|
|
Problem isolated and solution provided by @Kurlon
https://github.com/joyent/pkgsrc/pull/350
|
|
|
|
|
|
gnutls will add a Requires.private for it in its .pc file
|
|
1.3.1 - 2016-03-21
~~~~~~~~~~~~~~~~~~
* Fixed a bug that caused an ``AttributeError`` when using ``mock`` to patch
some ``cryptography`` modules.
1.3 - 2016-03-18
~~~~~~~~~~~~~~~~
* Added support for padding ANSI X.923 with
:class:`~cryptography.hazmat.primitives.padding.ANSIX923`.
* Deprecated support for OpenSSL 0.9.8. Support will be removed in
``cryptography`` 1.4.
* Added support for the :class:`~cryptography.x509.PolicyConstraints`
X.509 extension including both parsing and generation using
:class:`~cryptography.x509.CertificateBuilder` and
:class:`~cryptography.x509.CertificateSigningRequestBuilder`.
* Added :attr:`~cryptography.x509.CertificateSigningRequest.is_signature_valid`
to :class:`~cryptography.x509.CertificateSigningRequest`.
* Fixed an intermittent ``AssertionError`` when performing an RSA decryption on
an invalid ciphertext, ``ValueError`` is now correctly raised in all cases.
* Added
:meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`.
|
|
2.025 2016/04/04
- Resolved memleak if SSL_crl_file was used: RT#113257, RT#113530
Thanks to avi[DOT]maslati[AT]forescout[DOT]com and
mark[DOT]kurman[AT]gmail[DOT]com for reporting the problem
|
|
1.22: Records created by Crypt::PWSafe3 (eg. the ones fetched
with getrecords) are now associated with the parent
object, so that you can modify them directly and call
$vault->save afterwards without using $vault->modifyrecord.
Erase passwd from memory using zeros instead of
random bytes. fixes github#9.
Fixed rt.cpan.org#112975: Crypt::ECB (which we use) have been
reworked and among other issues it fixed handline of padding.
PWSafe3.pm did not specify a padding scheme (because it doesn't
use it) and therefore Crypt::ECB enforced a default scheme
which lead to an invalid key size. Now we specify explicitly
padding:none, as suggested by Christoph Appel.
|
|
Upstream changes:
v2.15, 14.03.2016
- removing caching with v2.00 made Crypt::ECB ignorant of key changes
within the same Crypt::ECB object. Fixed, changing the key now
forces a new cipher object to be created.
- added some notes on upgrading from versions before v2.00 to the README
|
|
"xterm" binary not found - please amend $PATH or the cssh config file
ok wiz@
|
|
|
|
NetBSD doesn't ship a CA bundle by default.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This fixes the build with the newest OpenSSL from pkgsrc. Bump revision.
|
|
|
|
Fixes a security vulnerability.
No proper changelog found, which I find even more astonishing for
security software...
|
|
Found by coypu.
|
|
** Bug
* [CPPOST-91] - BOOST autoconf macros break with gcc5
Release Notes - OpenSAML 2 - C++ - Version 2.5.4
** Bug
* [CPPOST-87] - legacyOrgNames doesn't work as expected with empty
mdui:UIInfo
* [CPPOST-88] - Insufficient XML entity encoding in Metadata Status
generation
* [CPPOST-90] - Condition validation for empty element incorrectly
requires either a NotBefore or a NotOnOrAfter attribute
This is part of fixing PR pkg/50354
|
|
* Based on Firefox 38.7.1
* Fix PR pkg/50975: security/tor-browser is built without -pie
* Store cache in ~/.tor-browser-caches instead of ~/Caches
|
|
|
|
Changes since OpenSSH 7.2p1
===========================
This release fixes a security bug:
* sshd(8): sanitise X11 authentication credentials to avoid xauth
command injection when X11Forwarding is enabled.
Full details of the vulnerability are available at:
http://www.openssh.com/txt/x11fwd.adv
|
|
|
|
CVE-2015-2695
CVE-2015-2696
CVE-2015-2697
CVE-2015-2698
CVE-2015-8629
CVE-2015-8630
CVE-2015-8631
|
|
Changes from 0.4.7 are too many to write here, please refer commit log:
<https://github.com/oauth-xx/oauth-ruby/commits/master>.
|
|
3.1.11 Mar 06 2016
- Add support for Ruby 2.2 in compiled Windows binaries
|
|
Changelog:
Rebase to Firefox 38.7.0
|
|
Changelog: 2016-03-05 PuTTY 0.67 released, fixing a SECURITY HOLE
PuTTY 0.67, released today, fixes a security hole in 0.66 and
before: vuln-pscp-sink-sscanf. It also contains a few other small
bug fixes.
Also, for the first time, the Windows executables in this release
(including the installer) are signed using an Authenticode certificate,
to help protect against tampering in transit from our website or
after downloading. You should find that they list "Simon Tatham"
as the verified publisher.
|
|
Changes since 2.4.1 from NEWS file:
2.5.1 - February 19th 2016
---------------------------
17 commits, 16 files changed, 1096 insertions, 42 deletions
- Add missing urn constants used in PAOS HTTP header
- Set NotBefore in SAML 2.0 login assertions
- tests: fix leak in test test16_test_get_issuer
- id-ff: fix leak of profile->private_data->message_id
- saml-2.0: fix leak of message_id in
lasso_profile_saml20_build_paos_request_msg
- tests: fix leaks in test_ecp
- xml: fix wrong termination of comment
- xml: fix leak in lasso_soap_envelope_new_full
- profile: fix leak of private idp_list field
- saml-2.0: fix leaks of url
- tests: fix leak
- tests: update valgrind suppressions
- perl: remove quotes from $PERL -V::ccflags: output (#9572)
- Fix wrong snippet type (fixes #9616). Thanks to Brett Gardner for the patch.
- tools.c: use correct NID and digest length when building RSA signature
using SHA-2 digest
(fixes #10019) Thanks to Brett Gardner for the patch.
- bindings/php5: fix enum getters and setters (fixes #10032). Thanks to
Brett Gardner for the bug report.
- fix warning about INCLUDES directive
2.5.0 - September 2nd 2015
--------------------------
151 commits, 180 files changed, 8391 insertions, 1339 deletions
- lots of bugfixes (reported by static analysis tools like clang,
coverity and manual inspection) thanks to Simo Sorce and John Dennis from
RedHat
- xsd:choices are now parsed correctly by implementing a real finite automata
for parsing XML documents. New flag for jumping forward and backward in
schema snippets have been added. It fixes parsing of message from third
party not following the ordre from the schema (they are entitled to do it but
most SAML implementations do not)
- added C CGI examples for SP and IdP side
- removed the _POSIX_SOURCE declaration
- added support for the SHA-2 family of hash functions
- fixed protocol profile selection when parsing AuthnRequest
- added support for Python 3, thanks to Houzefa Abbasbhay from
XCG Consulting
- fixed default value of WantAuthnRequestSigned in metadata parsing
- SAML 2.0 ECP is now functionnal, thanks to John Dennis from RedHat
- added two new API function to LassoProfile to extract the Issuer and
InResponseTo attribute of messages, allowing pre-treatment before parsing
the message, to load the metadata of the remote provider, or find the request
which the response matches.
- fixed segfault when parsing HTTP-Redirect marlformed base64 content
- added support for automake 1.15 (jdennis)
|
|
v2.10, 07.03.2016
- forgot another change in the v2.00 changelog...
- changed license from GPL to Artistic
- improved kwalitee:
- added license information to meta files
- removed test.pl
- added eg/ecb.pl (command line en- and decryption)
- added dummy cipher, so the test suite makes sense even if there are no block ciphers installed
- refactored test data from test scripts
|
|
|
