Age | Commit message (Collapse) | Author | Files | Lines |
|
Adapted to buildlink3
No INTERACTIVE_STAGE anymore
Changes sinces 0.17
===================
1.03 2002.12.09
- Makefile.PL now uses ExtUtils::AutoInstall. Thanks to Autrijus Tang
for the note.
- SIGNATURE file now included with distribution.
- Added --version to bin/pgplet, which lists supported ciphers, digests,
etc., along with version information.
- Added Crypt::OpenPGP::KeyBlock::save_armoured, to save an armoured
version of the keyblock (useful for exporting public keys).
- encrypt and verify no longer fail if there are no public keyrings,
in case lookup in a keyserver is desired.
- Added Crypt::OpenPGP::Digest::supported and
Crypt::OpenPGP::Cipher::supported.
- Fixed bug where signed cleartext has \r characters in the header.
1.02 2002.10.12
- encrypt and verify now support auto-retrieval of public keys from
an HKP keyserver, if the keys are not found in the local keyring.
- Added support for the SHA-1 integrity checks on secret keys used
by gnupg 1.0.7. Thanks to Chip Turner for the spot.
- Added a --local-user|-u option to bin/pgplet to support using a
different secret key for signing. Thanks to Joseph Pepin for the
patch.
- new() now accepts Crypt::OpenPGP::KeyRing objects for the PubRing
and SecRing parameters.
- Fixed a bug in decrypt where passing in a "Key" param to decrypt a
message encrypted to multiple recipients did not work. Thanks to
rdailey for the spot.
- ElGamal self-signatures no longer cause an error.
- Added LWP::UserAgent and URI::Escape to prereqs, for keyserver.
- Added Crypt::OpenPGP::Signature::digest accessor. Thanks to Bob
Mathews for the patch.
1.01 2002.07.15
- Added Crypt::OpenPGP::handle, a DWIM wrapper around the other
high-level interface methods. Given data, it determines whether the
data needs to be decrypted, verified, or both. And then it does what
it's supposed to do.
- Added Crypt::OpenPGP::Signature::timestamp to return the created-on
time for a signature. Also, Crypt::OpenPGP::decrypt and
Crypt::OpenPGP::verify now return the Crypt::OpenPGP::Signature object
if called in list context (and, in the case of decrypt, if there is
a signature). Thanks to Erik Arneson for the patches.
- Fixed a bug in decrypt with uncompressed encrypted signed data.
Thanks to Erik Arneson for the spot.
- Fixed a bug in Crypt::OpenPGP::Message with clearsigned messages, if
the text and signature were contained in a block of text containing
more PGP messages/signatures.
- Fixed a nasty, evil, stupid compatibility bug with canonical text.
Namely, pgp2 and pgp5 do not trim trailing whitespace from "canonical
text" signatures, only from cleartext signatures. This was causing
invalid signatures which should not have been invalid. Thanks to
Erik Arneson for the spot.
- Added Crypt::OpenPGP::KeyServer, which does lookups against an HKP
keyserver.
1.00 2002.02.26
- CAST5 is now supported thanks to Crypt::CAST5_PP from Bob Mathews.
- bin/pgplet now supports encrypting and decrypting symmetrically-
encrypted messages.
- The PassphraseCallback argument to Crypt::OpenPGP::decrypt can now
be used to supply a callback for symmetrically-encrypted packets,
as well as public-key-encrypted packets.
- Fix a bug with encrypted, signed text--the signature was being
armoured, which led to errors from the process trying to decrypt and
verify.
- Fix a bug with symmetric-encrypted session keys w/r/t generation for
PGP2--PGP2 doesn't understand symmetric-encrypted session keys, so we
need to leave them out when Compat is PGP2. Also, we need to use the
'Simple' S2k rather than the default, 'Salt_Iter'.
- Fix a key generation bug where GnuPG will not import generated public
keys, because the self-signature is invalid; signature needs to be on
key data *and* user ID. Thanks to Joel Rowles for the spot.
- Fix bug in ElGamal encryption and k generation.
0.18 2002.01.29
- Added IsPacketStream parameter to Crypt::OpenPGP::Message; this turns
off armour detection when initializing the message, and can be used
when you *know* that the message is a stream of packets, and not an
ASCII-armoured stream of packets.
- When unarmouring, remove \r characters from the armoured text end
of lines.
- Added Crypt::OpenPGP::KeyRing::save method. Thanks to Ben Xain for
the idea and a patch.
- Added compatibility with symmetric-key-encrypted files that do not
have a symmetric-key session key packet. The assumption with these
encrypted messages is that they are PGP2-encrypted, using the IDEA
cipher, MD5 digests, and a Simple s2k. So that is how the fix has
been implemented. Thanks to Ben Xain for the bug report.
- Win32 fixes: use binmode when reading files that might be binary.
- Added --symmetric and --digest options to Makefile.PL to set
symmetric and digest algorithms when using --sdk.
- Fixed subkey IDs in list-keys with bin/pgplet.
- Check for errors when reading keyring.
|
|
buildlink3.mk file in revision 1.101 of bsd.buildlink3.mk.
|
|
Changes since 0.0.6:
- A command line tool "gss" added in src/.
- gss_display_status can return multiple description texts (using context).
- The Swedish translation has been updated.
- Various cleanups and improvements.
- Implemented gss_export_name and gss_krb5_inquire_cred_by_mech.
The Kerberos 5 backend also support them.
- gss_inquire_cred support default credentials.
- Kerberos 5 gss_canonicalize_name now support all mandatory name types.
- Kerberos 5 gss_accept_sec_context now support sub-session keys in AP-REQ.
- Added new extended function API: gss_userok.
- API documentation in HTML format from GTK-DOC included in doc/reference/.
- Moved all backend specific code into sub-directories of lib/.
- The gss_duplicate_name function now allocate the output result properly.
- Man pages for all public functions are included.
- Documentation fixes. For example, all official APIs are now documented.
- Fixed typo that broke gss_wrap for 3DES with Kerberos 5.
- Improvements to build environment.
- Autoconf 2.59, Automake 1.8 beta, Libtool CVS used.
|
|
Changes from previous version are:
+ Fix a single byte buffer overflow. Can only be a NUL byte that
overflows, not believed (at this stage!) to be exploitable in any
way.
+ Avoid null-pointer dereference if getpwuid(getuid()) fails.
|
|
Changes since 0.5.3:
* Added versioned symbols.
|
|
of speedup on m68060 machines.
From S.P. Zeidler in PR 24579.
|
|
|
|
Version 1.0.8 (28/02/2004)
- Corrected bug in mutual certificate authentication in SSL 3.0.
- Several other minor bugfixes.
Version 1.0.7 (25/02/2004)
- Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection hack).
- Some updates in the documentation.
|
|
- Added versioned symbols.
|
|
|
|
by request on regional-fr.
Srm is a secure replacement for rm(1). Unlike the standard rm, it overwrites
the data in the target files before unlinkg them. This prevents command-line
recovery of the data by examining the raw block device. It may also help
frustrate physical examination of the disk, although it's unlikely that
completely protects against this type of recovery.
Srm uses algorithms found in _Secure Deletion of Data from Magnetic and
Solid-State Memory_ by Peter Gutmann and THC Secure Delete (the overwrite,
truncate, rename, unlink sequence).
All users, but especially Linux users, should be aware that srm will only
work on file systems that overwrite blocks in place. In particular, it will
_NOT_ work on resiserfs or the vast majority of journaled file systems. It
should work on ext2, FAT-based file systems, and the BSD native file system.
Ext3 users should be especially careful as it can be set to journal data as
well, which is an obvious route to reconstructing information.
|
|
|
|
|
|
|
|
---
ike-scan discovers IKE hosts and can also fingerprint them using the
retransmission backoff pattern.
ike-scan does two things:
a) Discovery: Determine which hosts are running IKE.
This is done by displaying those hosts which respond to the IKE requests
sent by ike-scan.
b) Fingerprinting: Determine which IKE implementation the hosts are using.
This is done by recording the times of the IKE response packets from the
target hosts and comparing the observed retransmission backoff pattern
against known patterns.
The retransmission backoff fingerprinting concept is discussed in more
detail in the UDP backoff fingerprinting paper which should be included
in the ike-scan kit as udp-backoff-fingerprinting-paper.txt.
The program sends IKE main mode requests to the specified hosts and displays
any responses that are received. It handles retry and retransmission with
backoff to cope with packet loss. It also limits the amount of bandwidth
used by the outbound IKE packets.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Changes since 0.9.1:
* Support for Extended Key Usage.
* ksba_cms_identify may no return a pseudo content type for pkcs#12
files.
* Cleaned up the DN label table.
* Fixed a bug in creating CMS signed data.
* Interface changes:
ksba_reader_clear NEW.
ksba_cert_get_ext_key_usages NEW.
KSBA_CT_PKCS12 NEW.
|
|
|
|
Changes since 1.1.90:
- Included a limited implementation of RFC2268.
- Changed API of the gcry_ac_ functions.
- Code cleanups and minor bug fixes.
- Interface changes:
GCRY_CIPHER_RFC2268_40 NEW.
gcry_ac_data_set CHANGED: New argument FLAGS.
gcry_ac_data_get_name CHANGED: New argument FLAGS.
gcry_ac_data_get_index CHANGED: New argument FLAGS.
cry_ac_key_pair_generate CHANGED: New and reordered arguments.
gcry_ac_key_test CHANGED: New argument HANDLE.
gcry_ac_key_get_nbits CHANGED: New argument HANDLE.
gcry_ac_key_get_grip CHANGED: New argument HANDLE.
gcry_ac_data_search REMOVED.
gcry_ac_data_add REMOVED.
GCRY_AC_DATA_FLAG_NO_BLINDING REMOVED.
GCRY_AC_FLAG_NO_BLINDING NEW: Replaces above.
|
|
|
|
address.
|
|
OpenSSL is in ${LOCALBASE} (e.g., PREFER_PKGSRC=openssl), as found
in Krister's bulk build. From jlam.
|
|
This is a pure Perl implementation of the CAST5 block cipher.
|
|
Taking maintainership.
Needs Math-Pari>=2.001804 and Crypt-Random>=0.33 according to Makefile.PL.
|
|
|
|
Taking maintainership.
Adapted to buildlink3.
Shut up warnings during test with patch-aa.
Updated version requirements according to Makefile.PL.
Changes sinces 1.47
===================
* In ::Key::generate() calls to ::Key::Private::write() and
::Key::Public::write() have been fixed. Thanks to
Lars Rehe <rehe@mail.desy.de> for pointing out this bug.
* Fixed some documentation typos.
* POD documentation for ::Key::[Private|Public].
|
|
|
|
Adapted to buildlink3.
|
|
|
|
|
|
the in-tree kdc.
From Jukka Salmi in PR 24489, ok'd by lukem@.
Bump PKGREVISION to 1.
|
|
it to build.
|
|
|
|
Taking maintainership.
Adapted to buildlink3.
Changes sinces 0.49
===================
* Patch by Dave Paris to fix a limit problem in trialdiv().
|
|
Taking maintainership.
Adapted to buildlink3.
Changes sinces 1.11
===================
* Changed the die() message at provider contruction to include the
name of the provider.
* Updated documentation.
|
|
|
|
Taking maintainership.
Adapted to buildlink3.
Changes sinces 1.01
===================
Patch-ab has been incorparated into the distribution.
|
|
Taking maintainership.
Needs p5-Crypt-Rijndael for running the tests.
Adapted to buildlink3.
Changes sinces 2.02
===================
-Bug fix from Chris Laas to fix custom padding
-Bug fixes from Stephen Waters to fix space padding
-Lots of regression tests from Stephen Waters
-Makes zero-and-one padding compatible with Crypt::Rijndael::MODE_CBC.
-Lots of improvements to padding mechanisms from Stephen Waters
-Patch from Andy Turner <turner@mikomi.org> to allow backward
compatibility with old versions when key length exceeded max.
|
|
be linked in when testing -lreadline usability so that test fails on
Solaris - so pass that lib into configure at the start via the environment.
Also allow optional use of db4 rather that db.
|
|
build-time dependency in buildlink3.mk. Also, buildlink3 and the
new compiler framework obviate the need for fooling around with
${CC}. From jlam.
|
|
|