Age | Commit message | Author | Files | Lines
2014-04-20 | Add p5-Digest-SHA3 | wen | 1 | -1/+2
2014-04-20 | Import Digest-SHA3-0.12 as security/p5-Digest-SHA3. | wen | 3 | -0/+27
Digest::SHA3 is a complete implementation of the NIST SHA-3 cryptographic hash function, known originally as Keccak. It gives Perl programmers a convenient way to calculate SHA3-224, SHA3-256, SHA3-384, and SHA3-512 message digests, as well as variable-length hashes using the SHA3-0 variant. The module can handle all types of input, including partial-byte data.
2014-04-20 | Update to 5.89 | wen | 2 | -6/+6
Upstream changes:

5.89  Sat Apr 19 05:14:48 MST 2014
- added universal newlines mode ("U") to addfile and shasum
  -- based on Python Universal Newlines concept
  -- newlines identical across MacOS, DOS, and UNIX
  -- will deprecate portable mode ("p") in future
  -- "U" mode is cleaner and more efficient
- enhanced performance
  -- reduced number of dynamic memory allocations
  -- sped up addfile method with use of C code
  -- ref. SHA.xs (_addfilebin and _addfileuniv)
- eliminated experimental -M option in favor of new -R option
  -- reverses order of digest module preference
  -- undocumented: for test and development use only
- sealed memory leak in SHA.xs
  -- arose only with SvPVbyte exceptions during eval
- patched inheritance bug (ref: rt.cpan.org #94830)
  -- use sv_isobject/sv_derived_from instead of sv_isa
- added 'allocated' flag to SHA structure (ref. src/sha.h)
  -- to guard against Perl double frees
2014-04-18 | + spiped | wiz | 1 | -1/+2
2014-04-18 | Import spiped-1.3.1 as security/spiped. | wiz | 4 | -0/+49
spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses, so that one may connect to one address (e.g., a UNIX socket on localhost) and transparently have a connection established to another address (e.g., a UNIX socket on a different system). This is similar to 'ssh -L' functionality, but does not use SSH and requires a pre-shared symmetric key.

Note that spiped:
1. Requires a strong key file: The file specified via the -k option should have at least 256 bits of entropy. ('dd if=/dev/urandom bs=32 count=1' is your friend.)
2. Does not provide any protection against information leakage via packet timing: Running telnet over spiped will protect a password from being directly read from the network, but will not obscure the typing rhythm.
3. Can significantly increase bandwidth usage for interactive sessions: It sends data in packets of 1024 bytes, and pads smaller messages up to this length, so a 1 byte write could be expanded to 1024 bytes if it cannot be coalesced with adjacent bytes.
4. Uses a symmetric key -- so anyone who can connect to an spiped "server" is also able to impersonate it.
2014-04-18 | Update to 1.1.6, changes not found. | wiz | 3 | -8/+30
2014-04-17 | Fix build by pointing to SSLCERTS for certificates. | fhajny | 1 | -1/+3
2014-04-16 | We link with -shared on SunOS. Fixes SunOS/x86_64. Bump PKGREVISION. | fhajny | 3 | -5/+6
2014-04-13 | Update to 1.12 | wen | 2 | -6/+6
Upstream changes: 1.12 - Fri Jan 3 17:36:10 2014 * Get rid of MYMETA
2014-04-13 | Update to 0.05 | wen | 2 | -7/+7
Add LICENSE Upstream changes: 0.05 2014-02-03 - Replaced old testsuite (test.pl) with tests in t/ - Added "use warnings" - Specified min version of perl 5.6.0 - Fixed pod errors - Changed doc for internal funcs from pod to comments 0.04 2013-10-28 - github repo and license type (perl) now specified in Makefile.PL so it will appear in the dist's metadata. 0.03 2013-04-10 - Fixed bug where word() would sometimes go into an infinite loop - Reformatted according to CPAN::Changes::Spec
2014-04-13 | Update to 1.40 | wen | 2 | -7/+8
Add LICENSE

Upstream changes:

1.40  2013-09-30 15:32:00
- No code changes.
- Maintenance by Ron Savage <rsavage@cpan.org>.
- Fabricate some version #s for this file.
- Made Passwd.pm utf-8 so we can use Luis' proper name.
- Clean up code formatting.
- Clean up Makefile.PL.
- Use fake (ASCII) ñ in Makefile.PL to keep Solaris happy. See RT#68478.
- Clean up README.
- Add Build.PL.
- Add Changes and Changelog.ini.
- Add META.*.
- Adopt Test::More in t/basic.t.
- Adopt 'use strict' and 'use warnings' to PasswdMD5.pm and t/basic.t.
- Accept patch for new function random_md5_salt(), and tests, from kbrint@rufus.net. With thanx. See RT#37036.
- Add xt/author/pod.t.
2014-04-13 | Update to 5.88 | wen | 2 | -6/+6
Upstream changes:

5.88  Mon Mar 17 08:46:10 MST 2014
- added OUTPUT clause in SHA.xs to silence compiler warning
  -- ref. shaclose()
- changed text file test (-T) to act on filehandles
  -- ref. addfile portable mode
  -- improves consistency when reading from STDIN
  -- still acts on filenames for early Perls (< 5.6)
- added -M and -V options to shasum
  -- undocumented: for development and testing use only

5.87  Mon Feb 17 16:42:02 MST 2014
- simplified capture of intermediate SHA states
  -- can now be done via strings (ref. getstate/putstate)
  -- substantially reduces size of src/sha.c
- tightened code in SHA.xs
  -- added sv_isa checks when invoking methods

5.86  Thu Jan 30 08:24:28 MST 2014
- improved the performance of hexadecimal output functions
  -- ref. 'shahex' in src/sha.c
  -- thanks to Thomas Drugeon for ideas and test script
2014-04-10 | recursive bump from ilmbase shlib version change. | obache | 4 | -8/+8
2014-04-10 | recursive bump from x264-devel build number change (i.e. API change). | obache | 1 | -2/+2
2014-04-09 | recursive bump from icu shlib major bump. | obache | 11 | -20/+22
2014-04-08 | removed obsolete patch entries. | obache | 1 | -4/+1
2014-04-08 | Update openssl to 1.0.1g. | obache | 5 | -163/+6
(CVE-2014-0076 is already fixed in pkgsrc).

OpenSSL CHANGES
_______________

Changes between 1.0.1f and 1.0.1g [7 Apr 2014]

*) A missing bounds check in the handling of the TLS heartbeat extension
   can be used to reveal up to 64k of memory to a connected client or
   server.

   Thanks to Neel Mehta of Google Security for discovering this bug and to
   Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
   preparing the fix (CVE-2014-0160)
   [Adam Langley, Bodo Moeller]

*) Fix for the attack described in the paper "Recovering OpenSSL
   ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
   by Yuval Yarom and Naomi Benger. Details can be obtained from:
   http://eprint.iacr.org/2014/140

   Thanks to Yuval Yarom and Naomi Benger for discovering this
   flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
   [Yuval Yarom and Naomi Benger]

*) TLS pad extension: draft-agl-tls-padding-03

   Workaround for the "TLS hang bug" (see FAQ and opensslPR#2771): if the
   TLS client Hello record length value would otherwise be > 255 and
   less than 512 pad with a dummy extension containing zeroes so it
   is at least 512 bytes long.
   [Adam Langley, Steve Henson]
2014-04-08 | p5-Perl4-CoreLibs is not required for perl<5.16 | obache | 1 | -2/+2
2014-04-07 | Update lua-sec to 0.5. | fhajny | 4 | -66/+57
* A new certificate (X509) API, which supports:
  - Reading the subject (identity) and issuer of the certificate.
  - Reading various X509 extensions, including email and dnsName.
  - Converting certificates to and from the standard ASCII PEM format.
  - Generating the fingerprint/digest of a certificate (using SHA1, SHA256 or SHA512).
  - Reading the certificate's expiration, serial number, and other info.
* The ability to get more detailed information from OpenSSL about why a certificate failed verification, for each certificate in the chain.
* Flags to force acceptance of invalid certificates, e.g. to allow the use of self-signed certificates in a Trust On First Use model.
* Flags to control checking CRLs for certificate revocation status.
* Support for ECDH cipher suites.
* An API to get the TLS 'finished' messages used for SASL channel binding (e.g. the SCRAM PLUS mechanisms).
2014-04-07 | +py-ezPyCrypto | obache | 1 | -1/+2
2014-04-07 | Import py27-ezPyCrypto-0.1.1 as security/py-ezPyCrypto. | obache | 5 | -0/+94
from pkgsrc-wip, packaged by Kamel Derouiche (required for PR pkg/42561). ezPyCrypto is the culmination of my search for an approachable yet powerful crypto library for Python.
2014-04-03 | update to 1.2.19 | drochner | 3 | -7/+34
changes:
-adds support for DSA-SHA256, ECDSA-SHA1, ECDSA-SHA224, ECDSA-SHA256, ECDSA-SHA384, ECDSA-SHA512
-fixes a number of miscellaneous bugs

add "test" target
2014-04-03 | Update py-itsdangerous to 0.24. | kleink | 2 | -6/+6
Version 0.24 ~~~~~~~~~~~~ - Added a `BadHeader` exception that is used for bad headers that replaces the old `BadPayload` exception that was reused in those cases.
2014-04-02 | Update to 0.2.8. | gdt | 4 | -28/+40
Packaging changes: - adapt to non-standardly-named github WRKSRC - bootstrap automake (this is a git snapshot, not "make distribution" output) Upstream changes: New in 0.2.8; 2011-04-15; Martin Paljak * Bumped soname for PKCS11_token struct size changes (Martin Paljak). * Display the number of available slots (Ludovic Rousseau). * Add openssl libcrypto to pkg-config private libs list (Kalev Lember). * Fix building examples with --no-add-needed which is the default in Fedora (Kalev Lember). * Expose more token flags in PKCS11_token structure (Kalev Lember). * Check that private data is not NULL in pkcs11_release_slot (Robin Bryce, ticket #137). New in 0.2.7; 2009-10-20; Andreas Jellinghaus * If CKR_CRYPTOKI_ALREADY_INITIALIZED is returned from C_Initialize(): ignore. (Needed for unloaded/reloaded engines e.g. in wpa_supplicant.) By David Smith.
2014-04-02 | Update to 1.4.16 | gdt | 2 | -10/+7
1.4.16 - 23 March 2014, Ludovic Rousseau
- Add support of
  . Crypto Stick Crypto Stick v1.4
  . Hewlett Packard USB Smartcard CCID Keyboard
  . IID AT90S064 CCID READER
  . INSIDE Secure VaultIC 405 Smart Object
  . INSIDE Secure VaultIC 441 Smart Object
  . Microchip SEC1110
  . Microchip SEC1210
  . Watchdata W5181
- Add support of DRIVER_OPTION_DISABLE_PIN_RETRIES
  The Gemalto pinpad reader sends a VERIFY command with no PIN value in order to retrieve the remaining retries from the card. Some cards (like the OpenPGP card) do not support this. It is now possible to disable this behavior from the Gemalto Pinpad and Covadis Véga Alpha.
- Add support of WTX received before SW during Secure Pin Entry Verify
  The Swiss health care card sends a WTX request before returning the SW code. If the reader is in TPDU and the card is in T=1 the driver must manage the request itself.
2014-04-02 | Add and enable p5-Digest-JHash. | schmonz | 1 | -1/+2
2014-04-02 | Add p5-Digest-JHash. | schmonz | 3 | -0/+30
The Digest::JHash module allows you to use the fast JHash hashing algorithm developed by Bob Jenkins from within Perl programs. The algorithm takes as input a message of arbitrary length and produces as output a 32-bit "message digest" of the input in the form of an unsigned long integer. Call it a low calorie version of MD5 if you like.
2014-04-02 | Update to 0.1.8. | gdt | 4 | -28/+41
Packaging changes:
- adapt to non-standardly-named github WRKSRC
- bootstrap automake (this is a git snapshot, not "make distribution" output)

Upstream changes:

New in 0.1.8; 2010-01-07; Andreas Jellinghaus
* Fix problem causing slot_n parsing returning not certs or keys by Camille Moncelier
* Fix missing declaration of set_init_args symbol by Arfrever Frehtes Taifersar Arahesis

New in 0.1.7; 2009-10-20; Andreas Jellinghaus
* Buffer overrun fixed by David Smith

New in 0.1.6; 2009-06-15; Andreas Jellinghaus
* Fixed set_pin (strdup causes segfault in OPENSSL_CLEANSE later)
* Require new libp11 0.2.5 with new function to get the slot id.
* Revert changes to slot parsing code - seems partial bogus and original author doesn't respond to questions.
* print slot id in verbose mode (Douglas E. Engert).
2014-04-02 | Rename all remaining patch-?? files using the newer naming convention. | he | 12 | -16/+186
Add a fix for CVE-2014-0076:

Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix.

Fix culled from http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29

Bump PKGREVISION.
2014-04-01 | Add patch for build fix on Darwin PPC. | obache | 2 | -1/+22
PR pkg/48655 by Jason Bacon.
2014-03-31 | Add more test dependencies. Bump PKGREVISION. | wiz | 1 | -2/+5
2014-03-31 | Update libguardtime to 0.3.13. | fhajny | 3 | -12/+9
2014-03-04 release (0.3.13) * Mostly added convenience functions for wrapper APIs: - functions to manage the list of CA roots from client code; - functions to convert hash values to and from imprints; - a function to extract the data hash from a timestamp. 2014-01-20 release (0.3.12) * Publications file verification switched away from hardcoded CA root certificate: - on most platforms OpenSSL trust store is used; - on Windows Crypto API and its trust store are used by default, with option to switch to OpenSSL and its trust store. * Now builds with both OpenSSL 0.9.8 and OpenSSL 1.0. * Lifted a restriction of the underlying WinINet library that limited the number of simultaneous HTTP requests to 2 on Windows. * Various other improvements to the build scripts. * Replaced test timestamps with more recent ones.
2014-03-31 | Update to 3.7: | wiz | 3 | -11/+121
--- 3.7 --- * Gnome keyring no longer relies on the GNOME_KEYRING_CONTROL environment variable. * Issue #140: Restore compatibility for older versions of PyWin32. --- 3.6 --- * `Pull Request #1 (github) <https://github.com/jaraco/keyring/pull/1>`_: Add support for packages that wish to bundle keyring by using relative imports throughout. --- 3.5 --- * Issue #49: Give the backend priorities a 1.5 multiplier bump when an XDG_CURRENT_DESKTOP environment variable matches the keyring's target environment. * Issue #99: Clarified documentation on location of config and data files. Prepared the code base to treat the two differently on Unix-based systems. For now, the behavior is unchanged. --- 3.4 --- * Extracted FileBacked and Encrypted base classes. * Add a pyinstaller hook to expose backend modules. Ref #124 * Pull request #41: Use errno module instead of hardcoding error codes. * SecretService backend: correctly handle cases when user dismissed the collection creation or unlock prompt. --- 3.3 --- * Pull request #40: KWallet backend will now honor the ``KDE_FULL_SESSION`` environment variable as found on openSUSE. ----- 3.2.1 ----- * SecretService backend: use a different function to check that the backend is functional. The default collection may not exist, but the collection will remain usable in that case. Also, make the error message more verbose. Resolves https://bugs.launchpad.net/bugs/1242412. --- 3.2 --- * Issue #120: Invoke KeyringBackend.priority during load_keyring to ensure that any keyring loaded is actually viable (or raises an informative exception). * File keyring: - Issue #123: fix removing items. - Correctly escape item name when removing. - Use with statement when working with files. * Add a test for removing one item in group. * Issue #81: Added experimental support for third-party backends. See `keyring.core._load_library_extensions` for information on supplying a third-party backend. 
--- 3.1 --- * All code now runs natively on both Python 2 and Python 3, no 2to3 conversion is required. * Testsuite: clean up, and make more use of unittest2 methods. ----- 3.0.5 ----- * Issue #114: Fix logic in pyfs detection. ----- 3.0.4 ----- * Issue #114: Fix detection of pyfs under Mercurial Demand Import. ----- 3.0.3 ----- * Simplified the implementation of ``keyring.core.load_keyring``. It now uses ``__import__`` instead of loading modules explicitly. The ``keyring_path`` parameter to ``load_keyring`` is now deprecated. Callers should instead ensure their module is available on ``sys.path`` before calling ``load_keyring``. Keyring still honors ``keyring-path``. This change fixes Issue #113 in which the explicit module loading of keyring modules was breaking package-relative imports. ----- 3.0.2 ----- * Renamed ``keyring.util.platform`` to ``keyring.util.platform_``. As reported in Issue #112 and `mercurial_keyring #31 <https://bitbucket.org/Mekk/mercurial_keyring/issue/31>`_ and in `Mercurial itself <http://bz.selenic.com/show_bug.cgi?id=4029>`_, Mercurial's Demand Import does not honor ``absolute_import`` directives, so it's not possible to have a module with the same name as another top-level module. A patch is in place to fix this issue upstream, but to support older Mercurial versions, this patch will remain for some time. ----- 3.0.1 ----- * Ensure that modules are actually imported even in Mercurial's Demand Import environment. --- 3.0 --- * Removed support for Python 2.5. * Removed names in ``keyring.backend`` moved in 1.1 and previously retained for compatibility. ----- 2.1.1 ----- * Restored Python 2.5 compatibility (lost in 2.0). --- 2.1 --- * Issue #10: Added a 'store' attribute to the OS X Keyring, enabling custom instances of the KeyringBackend to use another store, such as the 'internet' store. 
For example:: keys = keyring.backends.OS_X.Keyring() keys.store = 'internet' keys.set_password(system, user, password) keys.get_password(system, user) The default for all instances can be set in the class:: keyring.backends.OS_X.Keyring.store = 'internet' * GnomeKeyring: fix availability checks, and make sure the warning message from pygobject is not printed. * Fixes to GnomeKeyring and SecretService tests. ----- 2.0.3 ----- * Issue #112: Backend viability/priority checks now are more aggressive about module presence checking, requesting ``__name__`` from imported modules to force the demand importer to actually attempt the import. ----- 2.0.2 ----- * Issue #111: Windows backend isn't viable on non-Windows platforms. ----- 2.0.1 ----- * Issue #110: Fix issues with ``Windows.RegistryKeyring``. --- 2.0 --- * Issue #80: Prioritized backend support. The primary interface for Keyring backend classes has been refactored to now emit a 'priority' based on the current environment (operating system, libraries available, etc). These priorities provide an indication of the applicability of that backend for the current environment. Users are still welcome to specify a particular backend in configuration, but the default behavior should now be to select the most appropriate backend by default. ----- 1.6.1 ----- * Only include pytest-runner in 'setup requirements' when ptr invocation is indicated in the command-line (Issue #105). --- 1.6 --- * GNOME Keyring backend: - Use the same attributes (``username`` / ``service``) as the SecretService backend uses, allow searching for old ones for compatibility. - Also set ``application`` attribute. - Correctly handle all types of errors, not only ``CANCELLED`` and ``NO_MATCH``. - Avoid printing warnings to stderr when GnomeKeyring is not available. * Secret Service backend: - Use a better label for passwords, the same as GNOME Keyring backend uses. 
--- 1.5 --- * SecretService: allow deleting items created using previous python-keyring versions. Before the switch to secretstorage, python-keyring didn't set "application" attribute. Now in addition to supporting searching for items without that attribute, python-keyring also supports deleting them. * Use ``secretstorage.get_default_collection`` if it's available. On secretstorage 1.0 or later, python-keyring now tries to create the default collection if it doesn't exist, instead of just raising the error. * Improvements for tests, including fix for Issue #102. --- 1.4 --- * Switch GnomeKeyring backend to use native libgnome-keyring via GObject Introspection, not the obsolete python-gnomekeyring module. --- 1.3 --- * Use the `SecretStorage library <https://pypi.python.org/pypi/SecretStorage>`_ to implement the Secret Service backend (instead of using dbus directly). Now the keyring supports prompting for and deleting passwords. Fixes #69, #77, and #93. * Catch `gnomekeyring.IOError` per the issue `reported in Nova client <https://bugs.launchpad.net/python-novaclient/+bug/1116302>`_. * Issue #92 Added support for delete_password on Mac OS X Keychain. ----- 1.2.3 ----- * Fix for Encrypted File backend on Python 3. * Issue #97 Improved support for PyPy. ----- 1.2.2 ----- * Fixed handling situations when user cancels kwallet dialog or denies access for the app. ----- 1.2.1 ----- * Fix for kwallet delete. * Fix for OS X backend on Python 3. * Issue #84: Fix for Google backend on Python 3 (use of raw_input not caught by 2to3). --- 1.2 --- * Implemented delete_password on most keyrings. Keyring 2.0 will require delete_password to implement a Keyring. Fixes #79. ----- 1.1.2 ----- * Issue #78: pyfilesystem backend now works on Windows. ----- 1.1.1 ----- * Fixed MANIFEST.in so .rst files are included. --- 1.1 --- This is the last build that will support installation in a pure-distutils mode. Subsequent releases will require setuptools/distribute to install. 
Python 3 installs have always had this requirement (for 2to3 install support), but starting with the next minor release (1.2+), setuptools will be required. Additionally, this release has made some substantial refactoring in an attempt to modularize the backends. An attempt has been made to maintain 100% backward-compatibility, although if your library does anything fancy with module structure or classes, some tweaking may be necessary. The backward-compatible references will be removed in 2.0, so the 1.1+ releases represent a transitional implementation which should work with both legacy and updated module structure. * Added a console-script 'keyring' invoking the command-line interface. * Deprecated _ExtensionKeyring. * Moved PasswordSetError and InitError to an `errors` module (references kept for backward-compatibility). * Moved concrete backend implementations into their own modules (references kept for backward compatibility): - OSXKeychain -> backends.OS_X.Keyring - GnomeKeyring -> backends.Gnome.Keyring - SecretServiceKeyring -> backends.SecretService.Keyring - KDEKWallet -> backends.kwallet.Keyring - BasicFileKeyring -> backends.file.BaseKeyring - CryptedFileKeyring -> backends.file.EncryptedKeyring - UncryptedFileKeyring -> backends.file.PlaintextKeyring - Win32CryptoKeyring -> backends.Windows.EncryptedKeyring - WinVaultKeyring -> backends.Windows.WinVaultKeyring - Win32CryptoRegistry -> backends.Windows.RegistryKeyring - select_windows_backend -> backends.Windows.select_windows_backend - GoogleDocsKeyring -> backends.Google.DocsKeyring - Credential -> keyring.credentials.Credential - BaseCredential -> keyring.credentials.SimpleCredential - EnvironCredential -> keyring.credentials.EnvironCredential - GoogleEnvironCredential -> backends.Google.EnvironCredential - BaseKeyczarCrypter -> backends.keyczar.BaseCrypter - KeyczarCrypter -> backends.keyczar.Crypter - EnvironKeyczarCrypter -> backends.keyczar.EnvironCrypter - EnvironGoogleDocsKeyring -> 
backends.Google.KeyczarDocsKeyring - BasicPyfilesystemKeyring -> backends.pyfs.BasicKeyring - UnencryptedPyfilesystemKeyring -> backends.pyfs.PlaintextKeyring - EncryptedPyfilesystemKeyring -> backends.pyfs.EncryptedKeyring - EnvironEncryptedPyfilesystemKeyring -> backends.pyfs.KeyczarKeyring - MultipartKeyringWrapper -> backends.multi.MultipartKeyringWrapper * Officially require Python 2.5 or greater (although unofficially, this requirement has been in place since 0.10). --- 1.0 --- This backward-incompatible release attempts to remove some cruft from the codebase that's accumulated over the versions. * Removed legacy file relocation support. `keyring` no longer supports loading configuration or file-based backends from ~. If upgrading from 0.8 or later, the files should already have been migrated to their new proper locations. If upgrading from 0.7.x or earlier, the files will have to be migrated manually. * Removed CryptedFileKeyring migration support. To maintain an existing CryptedFileKeyring, one must first upgrade to 0.9.2 or later and access the keyring before upgrading to 1.0 to retain the existing keyring. * File System backends now create files without group and world permissions. Fixes #67. ------ 0.10.1 ------ * Merged 0.9.3 to include fix for #75. ---- 0.10 ---- * Add support for using `Keyczar <http://www.keyczar.org/>`_ to encrypt keyrings. Keyczar is "an open source cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications." * Added support for storing keyrings on Google Docs or any other filesystem supported by pyfilesystem. * Fixed issue in Gnome Keyring when unicode is passed as the service name, username, or password. * Tweaked SecretService code to pass unicode to DBus, as unicode is the preferred format. * Issue #71 - Fixed logic in CryptedFileKeyring. * Unencrypted keyring file will be saved with user read/write (and not group or world read/write). 
----- 0.9.3 ----- * Ensure migration is run when get_password is called. Fixes #75. Thanks to Marc Deslauriers for reporting the bug and supplying the patch. ----- 0.9.2 ----- * Keyring 0.9.1 introduced a whole different storage format for the CryptedFileKeyring, but this introduced some potential compatibility issues. This release incorporates the security updates but reverts to the INI file format for storage, only encrypting the passwords and leaving the service and usernames in plaintext. Subsequent releases may incorporate a new keyring to implement a whole-file encrypted version. Fixes #64. * The CryptedFileKeyring now requires simplejson for Python 2.5 clients. ----- 0.9.1 ----- * Fix for issue where SecretServiceBackend.set_password would raise a UnicodeError on Python 3 or when a unicode password was provided on Python 2. * CryptedFileKeyring now uses PBKDF2 to derive the key from the user's password and a random hash. The IV is chosen randomly as well. All the stored passwords are encrypted at once. Any keyrings using the old format will be automatically converted to the new format (but will no longer be compatible with 0.9 and earlier). The user's password is no longer limited to 32 characters. PyCrypto 2.5 or greater is now required for this keyring. --- 0.9 --- * Add support for GTK 3 and secret service D-Bus. Fixes #52. * Issue #60 - Use correct method for decoding. ----- 0.8.1 ----- * Fix regression in keyring lib on Windows XP where the LOCALAPPDATA environment variable is not present. --- 0.8 --- * Mac OS X keyring backend now uses subprocess calls to the `security` command instead of calling the API, which with the latest updates, no longer allows Python to invoke from a virtualenv. Fixes issue #13. 
* When using file-based storage, the keyring files are no longer stored in the user's home directory, but are instead stored in platform-friendly locations (`%localappdata%\Python Keyring` on Windows and according to the freedesktop.org Base Dir Specification (`$XDG_DATA_HOME/python_keyring` or `$HOME/.local/share/python_keyring`) on other operating systems). This fixes #21. *Backward Compatibility Notice* Due to the new storage location for file-based keyrings, keyring 0.8 supports backward compatibility by automatically moving the password files to the updated location. In general, users can upgrade to 0.8 and continue to operate normally. Any applications that customize the storage location or make assumptions about the storage location will need to take this change into consideration. Additionally, after upgrading to 0.8, it is not possible to downgrade to 0.7 without manually moving configuration files. In 1.0, the backward compatibility will be removed. ----- 0.7.1 ----- * Removed non-ASCII characters from README and CHANGES docs (required by distutils if we're to include them in the long_description). Fixes #55. --- 0.7 --- * Python 3 is now supported. All tests now pass under Python 3.2 on Windows and Linux (although Linux backend support is limited). Fixes #28. * Extension modules on Mac and Windows replaced by pure-Python ctypes implementations. Thanks to Jerome Laheurte. * WinVaultKeyring now supports multiple passwords for the same service. Fixes #47. * Most of the tests don't require user interaction anymore. * Entries stored in Gnome Keyring appear now with a meaningful name if you try to browse your keyring (for ex. with Seahorse) * Tests from Gnome Keyring no longer pollute the user own keyring. * `keyring.util.escape` now accepts only unicode strings. Don't try to encode strings passed to it. 
----- 0.6.2 ----- * fix compiling on OSX with XCode 4.0 ----- 0.6.1 ----- * Gnome keyring should not be used if there is no DISPLAY or if the dbus is not around (https://bugs.launchpad.net/launchpadlib/+bug/752282). --- 0.6 --- * Added `keyring.http` for facilitating HTTP Auth using keyring. * Add a utility to access the keyring from the command line.
2014-03-29 | Always add pam in PLIST_VARS. | taca | 1 | -2/+3
2014-03-29 | Update openssh to 6.6.1 (OpenSSH 6.6p1). | taca | 21 | -137/+119
pkgsrc change * Use PLIST_VARS. * Update hpn-patch based on openssh-6.5p1-hpnssh14v4.diff.gz. Fixes security problem (SA57488). For full changes, please refer below release notes. http://www.openssh.com/txt/release-6.5 http://www.openssh.com/txt/release-6.6
2014-03-27 | OpenDNSSEC 1.4.4: | pettai | 2 | -7/+6
* SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public key directly if SkipPublicKey is used [OPENDNSSEC-574].
* OPENDNSSEC-358: ods-ksmutil:Extend 'key list' command with options to filter on key type and state. This allows keys in the GENERATE and DEAD state to be output.
* OPENDNSSEC-457: ods-ksmutil: Add a check on the 'zone add' input/output type parameter to allow only File or DNS.
* OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals derived from unsigned delegations (be compatible with servers that are incompatible with RFC 5155 errata 3441).
* Make/build: Include README.md in dist tar-ball.

Bugfixes:
* SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512].
* SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired [OPENDNSSEC-526].
* SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug [OPENDNSSEC-529].
* SUPPORT-102: Signer Engine: Fix statistics (count can be negative).
* SUPPORT-108: Signer Engine: Don't replace tabs in RRs with whitespace [OPENDNSSEC-520].
* SUPPORT-116: ods-ksmutil: 'key import' date validation fails on certain dates [OPENDNSSEC-553].
* SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576].
* SUPPORT-127: ods-signer: Fix manpage sections.
* OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
* OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.
* OPENDNSSEC-531: ods-ksmutil: Exported value of <Parent><SOA><TTL> in 'policy export' output could be wrong on MySQL.
* OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id.
* OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR request with EDNS.
* OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation and allocation.
* OPENDNSSEC-560: Signer Engine: Don't crash when unsigned zone has no SOA.
* Signer Engine: Fix a race condition when stopping daemon.
2014-03-26 | Fix SMF manifests that were not populated properly. | fhajny | 1 | -21/+21
2014-03-26 | Fix HOMEPAGE. | wiz | 1 | -2/+2
2014-03-26 | No libdl on FreeBSD. | asau | 2 | -4/+4
2014-03-22 | The MirBSD stanza was wrong. Moved it below the builtin.mk inclusion and | bsiegert | 1 | -10/+10
made the conditional more robust. Fixes at least "make describe", let's see if it helps for the bulk build.
2014-03-22 | Revert previous, the PKGNAME is ${PYPKGPREFIX}-test nowadays. | wiz | 1 | -2/+2
2014-03-21 | Fix dependency pattern. | gdt | 1 | -2/+2
2014-03-21 | Fix use with python-2.x. | wiz | 3 | -3/+25
Add test target and most of the needed dependencies. (Two more packages ready, will be added after the freeze.) Bump PKGREVISION.
2014-03-21 | Fixes linkage on NetBSD up to the version that has openssl fixed | wiz | 2 | -1/+50
to include d1_meth.c. Based on upstream patch from https://gist.github.com/reaperhulk/5e4d3d30ac1598473206
2014-03-21 | Define modulenames for cffi modules. | wiz | 6 | -22/+52
Fix PLIST issues on different compilers.
2014-03-21 | Depends on six itself as well. | wiz | 1 | -2/+3
Thanks, gdt.
2014-03-21 | Depend on py-cryptography instead of py-six (a py-cryptography dependency, | wiz | 1 | -2/+2
pulled in during an attempt to autobuild it because it was missing). Ride PKGREVISION bump from a few minutes ago.
2014-03-21 | + py-cryptography | wiz | 1 | -1/+2
2014-03-21 | Import py27-cryptography-0.2.2 as security/py-cryptography. | wiz | 4 | -0/+249
cryptography is a package designed to expose cryptographic recipes and primitives to Python developers. Our goal is for it to be your "cryptographic standard library". cryptography includes both high level recipes, and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests and key derivation functions. Committed during the freeze since py-OpenSSL needs it.
2014-03-21 | Depend on py-six. | gdt | 1 | -1/+4
py-OpenSSL 0.14 started depending on six, but this package didn't, so "import OpenSSL" failed. Confusingly, this led to build failures in tahoe-lafs because somehow setuptools determined six was needed and tried to download it. After this commit, "make test" in py-OpenSSL still fails; it tries to download "cryptography" and "cffi".