| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Changelog:
Noteworthy changes in version 1.4.20 (2015-12-20)
-------------------------------------------------
* Reject signatures made using the MD5 hash algorithm unless the
new option --allow-weak-digest-algos or --pgp2 are given.
* New option --weak-digest to specify hash algorithms which
should be considered weak.
* Changed default cipher for symmetric-only encryption to AES-128.
* Fix for DoS when importing certain garbled secret keys.
* Improved error reporting for secret subkey w/o corresponding public
subkey.
* Improved error reporting in decryption due to wrong algorithm.
* Fix cluttering of stdout with trustdb info in double verbose mode.
* Pass a DBUS envvar to gpg-agent for use by gnome-keyring.
|
|
|
|
|
|
|
|
Changelog:
Noteworthy changes in version 2.1.10 (2015-12-04)
-------------------------------------------------
* gpg: New trust models "tofu" and "tofu+pgp".
* gpg: New command --tofu-policy. New options --tofu-default-policy
and --tofu-db-format.
* gpg: New option --weak-digest to specify hash algorithms which
should be considered weak.
* gpg: Allow the use of multiple --default-key options; take the last
available key.
* gpg: New option --encrypt-to-default-key.
* gpg: New option --unwrap to only strip the encryption layer.
* gpg: New option --only-sign-text-ids to exclude photo IDs from key
signing.
* gpg: Check for ambigious or non-matching key specification in the
config file or given to --encrypt-to.
* gpg: Show the used card reader with --card-status.
* gpg: Print export statistics and an EXPORTED status line.
* gpg: Allow selecting subkeys by keyid in --edit-key.
* gpg: Allow updating the expiration time of multiple subkeys at
once.
* dirmngr: New option --use-tor. For full support this requires
libassuan version 2.4.2 and a patched version of libadns
(e.g. adns-1.4-g10-7 as used by the standard Windows installer).
* dirmngr: New option --nameserver to specify the nameserver used in
Tor mode.
* dirmngr: Keyservers may again be specified by IP address.
* dirmngr: Fixed problems in resolving keyserver pools.
* dirmngr: Fixed handling of premature termination of TLS streams so
that large numbers of keys can be refreshed via hkps.
* gpg: Fixed a regression in --locate-key [since 2.1.9].
* gpg: Fixed another bug for keyrings with legacy keys.
* gpgsm: Allow combinations of usage flags in --gen-key.
* Make tilde expansion work with most options.
* Many other cleanups and bug fixes.
|
|
Changelog:
Noteworthy changes in version 2.4.2 (2015-12-02) [C7/A7/R2]
------------------------------------------------
* The nPth version of the connect system hook does now wrap the call
with npth_unprotec/npth_protect to avoid blocking during a connect.
* Add feature to assuan_sock_connect_byname to test for SOCKS5
availability.
Noteworthy changes in version 2.4.1 (2015-11-23) [C7/A7/R1]
------------------------------------------------
* In Tor mode fallback to port 9150 if 9050 is not listening.
* Allow building with older mingw-w64 versions.
Noteworthy changes in version 2.4.0 (2015-11-03) [C7/A7/R0]
------------------------------------------------
* New flags "socks" and "tor-mode" for assuan_sock_{set,get}_flag.
* New function assuan_sock_connect_byname.
* Require at least libgpg-error 1.17.
* Interface changes relative to the 2.3.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
assuan_sock_connect_byname NEW.
ASSUAN_SOCK_TOR NEW.
ASSUAN_SOCK_SOCKS NEW.
assuan_sock_set_flag EXTENDED.
assuan_sock_get_flag EXTENDED.
Noteworthy changes in version 2.3.0 (2015-08-28) [C6/A6/R0]
------------------------------------------------
* Now wipes out the memory of the context structure before freeing.
The context may have stored sensitive data in its line buffers.
* Fixed a problem with the data length limit in assuan_inquire.
* Returns GPG_ERR_SOURCE_ASSUAN with errors from functions w/o a
context.
* Two new functions to tweak the behaviour of the socket wrappers.
* Experimental code to support Cygwin's local sockets.
* By default build without a build timestamp.
* Interface changes relative to the 2.2.1 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
assuan_sock_set_flag NEW.
assuan_sock_get_flag NEW.
|
|
|
|
Noteworthy changes in version 0.9.7 (2015-12-07)
------------------------------------------------
* Fix regressions in the Qt pinentry.
* Fix minor problems pinnetyr-tty.
* New option --invisible-char.
|
|
Noteworthy changes in version 1.21 (2015-12-12) [C17/A17/R0]
-----------------------------------------------
* New functions gpgrt_poll and gpgrt_set_nonblock. For now only
pipes and sockets on Unix are supported.
* Fixes gettext output encoding problems on Windows.
* Interface changes relative to the 1.20 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgrt_set_nonblock NEW.
gpgrt_get_nonblock NEW.
gpgrt_poll NEW.
gpgrt_poll_t NEW type.
es_poll_t NEW type.
es_set_nonblock NEW macro.
es_get_nonblock NEW macro.
es_poll NEW macro.
GPG_ERR_TRUE NEW.
GPG_ERR_FALSE NEW.
GPG_ERR_NO_NAME NEW.
GPG_ERR_NO_KEY NEW.
GPG_ERR_SERVER_FAILED NEW.
|
|
1.1.2 - 2015-12-10
~~~~~~~~~~~~~~~~~~
* Fixed a SIGBUS crash with the OS X wheels caused by redefinition of a
method.
* Fixed a runtime error ``undefined symbol EC_GFp_nistp224_method`` that
occurred with some OpenSSL installations.
* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2e.
|
|
|
|
## 1.8.1
* Change license to MIT, thanks to all the patient contributors who gave
their permissions.
## 1.8.0
* add SSHKit::Backend::ConnectionPool#close_connections
[PR #285](https://github.com/capistrano/sshkit/pull/285)
@akm
* Clean up rubocop lint warnings
[PR #275](https://github.com/capistrano/sshkit/pull/275)
@cshaffer
* Prepend unused parameter names with an underscore
* Prefer “safe assignment in condition”
* Disambiguate regexp literals with parens
* Prefer `sprintf` over `String#%`
* No longer shadow `caller_line` variable in `DeprecationLogger`
* Rescue `StandardError` instead of `Exception`
* Remove useless `private` access modifier in `TestAbstract`
* Disambiguate block operator with parens
* Disambiguate between grouped expression and method params
* Remove assertion in `TestHost#test_assert_hosts_compare_equal` that compares something with itself
* Export environment variables and execute command in a subshell.
[PR #273](https://github.com/capistrano/sshkit/pull/273)
@kuon
* Introduce `log_command_start`, `log_command_data`, `log_command_exit` methods on `Formatter`
[PR #257](https://github.com/capistrano/sshkit/pull/257)
@robd
* Deprecate `@stdout` and `@stderr` accessors on `Command`
* Add support for deprecation logging options.
[README](README.md#deprecation-warnings),
[PR #258](https://github.com/capistrano/sshkit/pull/258)
@robd
* Quote environment variable values.
[PR #250](https://github.com/capistrano/sshkit/pull/250)
@Sinjo - Chris Sinjakli
* Simplified formatter hierarchy.
[PR #248](https://github.com/capistrano/sshkit/pull/248)
@robd
* `SimpleText` formatter now extends `Pretty`, rather than duplicating.
* Hide ANSI color escape sequences when outputting to a file.
[README](README.md#output-colors),
[Issue #245](https://github.com/capistrano/sshkit/issues/245),
[PR #246](https://github.com/capistrano/sshkit/pull/246)
@robd
* Now only color the output if it is associated with a tty,
or the `SSHKIT_COLOR` environment variable is set.
* Removed broken support for assigning an `IO` to the `output` config option.
[Issue #243](https://github.com/capistrano/sshkit/issues/243),
[PR #244](https://github.com/capistrano/sshkit/pull/244)
@robd
* Use `SSHKit.config.output = SSHKit::Formatter::SimpleText.new($stdin)` instead
* Added support for `:interaction_handler` option on commands.
[PR #234](https://github.com/capistrano/sshkit/pull/234),
[PR #242](https://github.com/capistrano/sshkit/pull/242)
@robd
* Removed partially supported `TRACE` log level.
[2aa7890](https://github.com/capistrano/sshkit/commit/2aa78905f0c521ad9f697e7a4ed04ba438d5ee78)
@robd
* Add support for the `:strip` option to the `capture` method and strip by default on the `Local` backend.
[PR #239](https://github.com/capistrano/sshkit/pull/239),
[PR #249](https://github.com/capistrano/sshkit/pull/249)
@robd
* The `Local` backend now strips by default to be consistent with the `Netssh` one.
* This reverses change [7d15a9a](https://github.com/capistrano/sshkit/commit/7d15a9aebfcc43807c8151bf6f3a4bc038ce6218) to the `Local` capture API to remove stripping by default.
* If you require the raw, unstripped output, pass the `strip: false` option: `capture(:ls, strip: false)`
* Simplified backend hierarchy.
[PR #235](https://github.com/capistrano/sshkit/pull/235),
[PR #237](https://github.com/capistrano/sshkit/pull/237)
@robd
* Moved duplicate implementations of `make`, `rake`, `test`, `capture`, `background` on to `Abstract` backend.
* Backend implementations now only need to implement `execute_command`, `upload!` and `download!`
* Removed `Printer` from backend hierarchy for `Local` and `Netssh` backends (they now just extend `Abstract`)
* Removed unused `Net::SSH:LogLevelShim`
* Removed dependency on the `colorize` gem. SSHKit now implements its own ANSI color logic, with no external dependencies. Note that SSHKit now only supports the `:bold` or plain modes. Other modes will be gracefully ignored. [#263](https://github.com/capistrano/sshkit/issues/263)
* New API for setting the formatter: `use_format`. This differs from `format=` in that it accepts options or arguments that will be passed to the formatter's constructor. The `format=` syntax will be deprecated in a future release. [#295](https://github.com/capistrano/sshkit/issues/295)
* SSHKit now immediately raises a `NameError` if you try to set a formatter that does not exist. [#295](https://github.com/capistrano/sshkit/issues/295)
|
|
## 1.8.1
* Change license to MIT, thanks to all the patient contributors who gave
their permissions.
## 1.8.0
* add SSHKit::Backend::ConnectionPool#close_connections
[PR #285](https://github.com/capistrano/sshkit/pull/285)
@akm
* Clean up rubocop lint warnings
[PR #275](https://github.com/capistrano/sshkit/pull/275)
@cshaffer
* Prepend unused parameter names with an underscore
* Prefer “safe assignment in condition”
* Disambiguate regexp literals with parens
* Prefer `sprintf` over `String#%`
* No longer shadow `caller_line` variable in `DeprecationLogger`
* Rescue `StandardError` instead of `Exception`
* Remove useless `private` access modifier in `TestAbstract`
* Disambiguate block operator with parens
* Disambiguate between grouped expression and method params
* Remove assertion in `TestHost#test_assert_hosts_compare_equal` that compares something with itself
* Export environment variables and execute command in a subshell.
[PR #273](https://github.com/capistrano/sshkit/pull/273)
@kuon
* Introduce `log_command_start`, `log_command_data`, `log_command_exit` methods on `Formatter`
[PR #257](https://github.com/capistrano/sshkit/pull/257)
@robd
* Deprecate `@stdout` and `@stderr` accessors on `Command`
* Add support for deprecation logging options.
[README](README.md#deprecation-warnings),
[PR #258](https://github.com/capistrano/sshkit/pull/258)
@robd
* Quote environment variable values.
[PR #250](https://github.com/capistrano/sshkit/pull/250)
@Sinjo - Chris Sinjakli
* Simplified formatter hierarchy.
[PR #248](https://github.com/capistrano/sshkit/pull/248)
@robd
* `SimpleText` formatter now extends `Pretty`, rather than duplicating.
* Hide ANSI color escape sequences when outputting to a file.
[README](README.md#output-colors),
[Issue #245](https://github.com/capistrano/sshkit/issues/245),
[PR #246](https://github.com/capistrano/sshkit/pull/246)
@robd
* Now only color the output if it is associated with a tty,
or the `SSHKIT_COLOR` environment variable is set.
* Removed broken support for assigning an `IO` to the `output` config option.
[Issue #243](https://github.com/capistrano/sshkit/issues/243),
[PR #244](https://github.com/capistrano/sshkit/pull/244)
@robd
* Use `SSHKit.config.output = SSHKit::Formatter::SimpleText.new($stdin)` instead
* Added support for `:interaction_handler` option on commands.
[PR #234](https://github.com/capistrano/sshkit/pull/234),
[PR #242](https://github.com/capistrano/sshkit/pull/242)
@robd
* Removed partially supported `TRACE` log level.
[2aa7890](https://github.com/capistrano/sshkit/commit/2aa78905f0c521ad9f697e7a4ed04ba438d5ee78)
@robd
* Add support for the `:strip` option to the `capture` method and strip by default on the `Local` backend.
[PR #239](https://github.com/capistrano/sshkit/pull/239),
[PR #249](https://github.com/capistrano/sshkit/pull/249)
@robd
* The `Local` backend now strips by default to be consistent with the `Netssh` one.
* This reverses change [7d15a9a](https://github.com/capistrano/sshkit/commit/7d15a9aebfcc43807c8151bf6f3a4bc038ce6218) to the `Local` capture API to remove stripping by default.
* If you require the raw, unstripped output, pass the `strip: false` option: `capture(:ls, strip: false)`
* Simplified backend hierarchy.
[PR #235](https://github.com/capistrano/sshkit/pull/235),
[PR #237](https://github.com/capistrano/sshkit/pull/237)
@robd
* Moved duplicate implementations of `make`, `rake`, `test`, `capture`, `background` on to `Abstract` backend.
* Backend implementations now only need to implement `execute_command`, `upload!` and `download!`
* Removed `Printer` from backend hierarchy for `Local` and `Netssh` backends (they now just extend `Abstract`)
* Removed unused `Net::SSH:LogLevelShim`
* Removed dependency on the `colorize` gem. SSHKit now implements its own ANSI color logic, with no external dependencies. Note that SSHKit now only supports the `:bold` or plain modes. Other modes will be gracefully ignored. [#263](https://github.com/capistrano/sshkit/issues/263)
* New API for setting the formatter: `use_format`. This differs from `format=` in that it accepts options or arguments that will be passed to the formatter's constructor. The `format=` syntax will be deprecated in a future release. [#295](https://github.com/capistrano/sshkit/issues/295)
* SSHKit now immediately raises a `NameError` if you try to set a formatter that does not exist. [#295](https://github.com/capistrano/sshkit/issues/295)
|
|
2.022 2015/12/10
- fix stringification of IPv6 inside subjectAltNames in Utils::CERT_asHash.
Thanks to Mark.Martinec[AT]ijs[DOT]si for reporting in #110253
|
|
Perl Compatible Regular Expressions, revamped on-access scanning
for Linux, and other new features join the many great features of ClamAV:
- Processing of YARA rules(some limitations- see signatures.pdf).
- Support in ClamAV logical signatures for many of the features
added for YARA, such as Perl Compatible Regular Expressions,
alternate strings, and YARA string attributes. See signatures.pdf
for full details.
- New and improved on-access scanning for Linux. See the recent blog
post and clamdoc.pdf for details on the new on-access capabilities.
- A new ClamAV API callback function that is invoked when a virus
is found. This is intended primarily for applications running in
all-match mode. Any applications using all-match mode must use
the new callback function to record and report detected viruses.
- Configurable default password list to attempt zip file decryption.
- TIFF file support.
- Upgrade Windows pthread library to 2.9.1.
- A new signature target type for designating signatures to run
against files with unknown file types.
- Improved fidelity of the "data loss prevention" heuristic
algorithm. Code supplied by Bill Parker.
- Support for LZMA decompression within Adobe Flash files.
- Support for MSO attachments within Microsoft Office 2003 XML files.
- A new sigtool option(--ascii-normalize) allowing signature authors
to more easily generate normalized versions of ascii files.
- Windows installation directories changed from \Program Files\Sourcefire\
ClamAV to \Program Files\ClamAV or \Program Files\ClamAV-x64.
|
|
|
|
KeePassX 2.0 is using the new .kdbx (same as KeePass 2) database
format. You can import your .kdb database from 0.4 from the Database
> Import KeePass 1 database. This is a one-way process though.
You canât migrate back to the .kdb format.
New features include:
Multiple attachments per entry
Add custom key/value pairs to entries
Open multiple database in one window
KeePassX 2.0 has been rewritten from scratch so some features (like
showing expired passwords) are still missing.
|
|
new major version.
KeePass is a free/open-source password manager or safe which helps you to
manage your passwords in a secure way. You can put all your passwords in one
database, which is locked with one master key or a key-disk. So you only have
to remember one single master password or insert the key-disk to unlock the
whole database. The databases are encrypted using the best and most secure
encryption algorithms currently known (AES and Twofish).
This package contains v0.4.x of the program with KeePass v1 database
format (kdb) support.
|
|
2015-Feb-08 v2.8 - Fixed cli_copy bug; refresh paths and ask to save.
Fixed a cli_mv bug; double path-normalization.
Fixed a path display bug, if done after a cli_mv.
Protect users from editing in the $FOUND_DIR.
Keep file opened, read-only, to show up in lsof.
Added inactivity locking (--timeout parameter).
Added shell expansion support to cli_ls, with the
ability to manage _all_ listed entries by number.
Added shell expansion support to cli_mv.
Added [y/N] option to list entries after a find.
2015-Jun-19 v3.0 - Added Password Safe v3 file importing; requires
optional Crypt::PWSafe3 from CPAN.
Added $FORCED_READLINE global variable.
Attachments sanity check; SourceForge bug #17.
Endianness fix in magic_file_type(); SF bug #19.
|
|
|
|
All tests pass.
Crypt::PWSafe3 provides read and write access to password database
files created by Password Safe V3 (and up).
|
|
|
|
due to the default being set later in the environment.
|
|
|
|
Non-Windows CVE mentioned below was already fixed in pkgsrc.
Changes:
Two security flaws have been discovered in KeePassX 0.4.3.
Version 2.0 has a different codebase and is not affected.
* CVE-2015-8359: DLL Preloading vulnerability on Windows
The version of Qt bundled with KeePassX 0.4.3 is vulnerable to
a DDL preloading attack. This vulnerability only affects
KeePassX on Windows. If successfully exploited, arbitrary code
can be executed in the context of KeePassX. KeePassX 0.4.4
ships with Qt 4.8.7 and employs additional hardening measures.
Thanks to Trenton Ivey from SecureWorks for reporting this
vulnerability to us.
* CVE-2015-8378: Canceling XML export function creates export as ".xml"âfile
When canceling the "Export to > KeePassX XML file" function
the cleartext passwords were still exported. In this case the
password database was exported as the file ".xml" in the current
working directory (often $HOME or the directory of the database).
Originally reported as Debian bug #791858
KeePassX 0.4.4 fixes both vulnerabilities.
|
|
|
|
bootstrap-mk-files). OpenSSL specifically checks for CC=gcc before using it as
a makedepend replacement, whereas CC=cc will fall back to requiring a real
'makedepend' which may not be installed. Tested on Linux by kamil@
|
|
pkgsrc changes:
- We now need to run 'make depend' after configure to pick up algorithm
selection changes.
Upstream changes:
Changes between 1.0.2d and 1.0.2e [3 Dec 2015]
*) BN_mod_exp may produce incorrect results on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. No EC algorithms are affected. Analysis suggests that attacks
against RSA and DSA as a result of this defect would be very difficult to
perform and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary to
deduce information about a private key may be performed offline. The amount
of resources required for such an attack would be very significant and
likely only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients. For example this can occur by
default in OpenSSL DHE based SSL/TLS ciphersuites.
This issue was reported to OpenSSL by Hanno Böck.
(CVE-2015-3193)
[Andy Polyakov]
*) Certificate verify crash with missing PSS parameter
The signature verification routines will crash with a NULL pointer
dereference if presented with an ASN.1 signature using the RSA PSS
algorithm and absent mask generation function parameter. Since these
routines are used to verify certificate signature algorithms this can be
used to crash any certificate verification operation and exploited in a
DoS attack. Any application which performs certificate verification is
vulnerable including OpenSSL clients and servers which enable client
authentication.
This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG).
(CVE-2015-3194)
[Stephen Henson]
*) X509_ATTRIBUTE memory leak
When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
memory. This structure is used by the PKCS#7 and CMS routines so any
application which reads PKCS#7 or CMS data from untrusted sources is
affected. SSL/TLS is not affected.
This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
libFuzzer.
(CVE-2015-3195)
[Stephen Henson]
*) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
This changes the decoding behaviour for some invalid messages,
though the change is mostly in the more lenient direction, and
legacy behaviour is preserved as much as possible.
[Emilia Käsper]
*) In DSA_generate_parameters_ex, if the provided seed is too short,
return an error
[Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]
|
|
Bump PKGREVISION.
While here, clean up pkglint.
|
|
use php-mysql package.
|
|
2.021 2015/12/02
- Fixes for documentation and typos thanks to DavsX and jwilk.
- Update PublicSuffx with latest version from publicsuffix.org
|
|
|
|
|
|
A HTTPS client implementation for httplib and urllib2 based on
PyOpenSSL. PyOpenSSL provides a more fully featured SSL
implementation over the default provided with Python and
importantly enables full verification of the SSL peer.
|
|
Some of the upstream changes for 0.9.2 :
- various typo in config files
- filter.d/postfix-sasl.conf - tweak failregex and add ignoreregex to
ignore system authentication issues
- some fixes for EL7
New features :
- New filters:
- postfix-rbl
- apache-fakegooglebot.conf
- nginx-botsearch
- drupal-auth
- New actions:
- action.d/firewallcmd-multiport and action.d/firewallcmd-allports
- action.d/sendmail-geoip-lines.conf
- action.d/nsupdate to update DNSBL
- New status argument for fail2ban-client
Some of the upstream changes for 0.9.3 :
- IMPORTANT incompatible changes:
* filter.d/roundcube-auth.conf
- Changed logpath to 'errors' log (was 'userlogins')
* action.d/iptables-common.conf
- All calls to iptables command now use -w switch introduced in
iptables 1.4.20 (some distribution could have patched their
earlier base version as well) to provide this locking mechanism
useful under heavy load to avoid contesting on iptables calls.
If you need to disable, define 'action.d/iptables-common.local'
with empty value for 'lockingopt' in `[Init]` section.
* mail-whois-lines, sendmail-geoip-lines and sendmail-whois-lines
actions now include by default only the first 1000 log lines in
the emails. Adjust <grepopts> to augment the behavior.
- New Features:
* New filters:
- froxlor-auth - Thanks Joern Muehlencord
- apache-pass - filter Apache access log for successful authentication
* New actions:
- shorewall-ipset-proto6 - using proto feature of the Shorewall.
Still requires manual pre-configuration of the shorewall.
See the action file for detail.
* New jails:
- pass2allow-ftp - allows FTP traffic after successful
HTTP authentication
|
|
The find-prefix infrastructure was required in a pkgviews world where
packages installed from pkgsrc could have different installation
prefixes, and this was a way for a dependency prefix to be determined.
Now that pkgviews has been removed there is no longer any need for the
overhead of this infrastructure. Instead we use BUILDLINK_PREFIX.pkg
for dependencies pulled in via buildlink, or LOCALBASE/PREFIX where the
dependency is coming from pkgsrc.
Provides a reasonable performance win due to the reduction of `pkg_info
-qp` calls, some of which were redundant anyway as they were duplicating
the same information provided by BUILDLINK_PREFIX.pkg.
|
|
[2015/10/06]
* Version 2.5.0
- fixes for compiling for rubinius, at long last
- TESTS
- add a few method aliases
|
|
1.1.1 - 2015-11-19
~~~~~~~~~~~~~~~~~~
* Fixed several small bugs related to compiling the OpenSSL bindings with
unusual OpenSSL configurations.
* Resolved an issue where, depending on the method of installation and
which Python interpreter they were using, users on El Capitan (OS X 10.11)
may have seen an ``InternalError`` on import.
|
|
Provided by csosstudy in PR 50455.
Version 1.0.6
Optimized implementations of Blake2 have been added for modern Intel platforms. crypto_generichash() is now faster than MD5 and SHA1 implementations while being far more secure.
Functions for which the return value should be checked have been tagged with __attribute__ ((warn_unused_result)). This will intentionally break code compiled with -Werror that didn't bother checking critical return values.
The crypto_sign_edwards25519sha512batch_*() functions have been tagged as deprecated.
Undocumented symbols that were exported, but were only useful for internal purposes have been removed or made private: sodium_runtime_get_cpu_features(), the implementation-specific crypto_onetimeauth_poly1305_donna() symbols, crypto_onetimeauth_poly1305_set_implementation(), crypto_onetimeauth_poly1305_implementation_name() and crypto_onetimeauth_pick_best_implementation().
sodium_compare() now works as documented, and compares numbers in little-endian format instead of behaving like memcmp().
The previous changes should not break actual applications, but to be safe, the library version major was incremented.
sodium_runtime_has_ssse3() and sodium_runtime_has_sse41() have been added.
The library can now be compiled with the CompCert compiler.
Version 1.0.5
This release only fixes compilation issues on some platforms.
If 1.0.4 compiled and installed fine on your system, upgrading to this version is not required.
There are no functional changes.
Compilation issues on some platforms were fixed: missing alignment directives were added (required at least on RHEL-6/i386), a workaround for a VRP bug on gcc/armv7 was added, and the library can now be compiled with the SunPro compiler.
Javascript target: io.js is not supported any more. Use nodejs.
Version 1.0.4
Support for AES256-GCM has been added. This requires a CPU with the aesni and pclmul extensions, and is accessible via the crypto_aead_aes256gcm_*() functions.
The Javascript target doesn't use eval() any more, so that the library can be used in Chrome packaged applications.
QNX and CloudABI are now supported.
Support for NaCl has finally been added.
ChaCha20 with an extended (96 bit) nonce and a 32-bit counter has been implemented as crypto_stream_chacha20_ietf(), crypto_stream_chacha20_ietf_xor() and crypto_stream_chacha20_ietf_xor_ic(). An IETF-compatible version of ChaCha20Poly1305 is available as crypto_aead_chacha20poly1305_ietf_npubbytes(), crypto_aead_chacha20poly1305_ietf_encrypt() and crypto_aead_chacha20poly1305_ietf_decrypt().
The sodium_increment() helper function has been added, to increment an arbitrary large number (such as a nonce).
The sodium_compare() helper function has been added, to compare arbitrary large numbers (such as nonces, in order to prevent replay attacks).
Version 1.0.3
In addition to sodium_bin2hex(), sodium_hex2bin() is now a constant-time function.
crypto_stream_xsalsa20_ic() has been added.
crypto_generichash_statebytes(), crypto_auth_*_statebytes() and crypto_hash_*_statebytes() have been added in order to retrieve the size of structures keeping states from foreign languages.
The JavaScript target doesn't require /dev/urandom or an external randombytes() implementation any more. Other minor Emscripten-related improvements have been made in order to support libsodium.js
Custom randombytes implementations do not need to provide their own implementation of randombytes_uniform() any more. randombytes_stir() and randombytes_close() can also be NULL pointers if they are not required.
On Linux, getrandom(2) is being used instead of directly accessing /dev/urandom, if the kernel supports this system call.
crypto_box_seal() and crypto_box_seal_open() have been added.
A solutions for Visual Studio 2015 was added.
|
|
Changelog:
2015-11-07 PuTTY 0.66 released, fixing a SECURITY HOLE
PuTTY 0.66, released today, fixes a security hole in 0.65 and before:
vuln-ech-overflow. It also contains a few other small bug fixes and minor
features.
|
|
|
|
|
|
|
|
|
|
|
|
From upstream via Petar Bogdanovic on pkgsrc-users.
Bump PKGREVISION.
|
|
Pkgsrc changes:
* Adapt patches to match new files.
* Add new migration scripts to PLIST
Upstream changes:
News
* Support for RFC5011 style KSK rollovers. KSK section in the KASP
now accepts element.
* Enforcer: New repository option allows to generate keys with
CKA_EXTRACTABLE attribute set to TRUE so keys can be wrapped and
extracted from HSM.
Bugfixes
* SUPPORT-145: EOF handling an ARM architecture caused signer to hang.
* Fixed signer hitting assertion on short reply XFR handler.
* Include revoke bit in keytag calculation.
* Increased stacksize on some systems (thanks Patrik Lundin!).
* Stop ods-signerd on SIGINT.
Note:
* Updating from earlier versions of OpenDNSSEC requires use of the
database migration script(s) included in ${PKG}/share/opendnssec/
as the migrate_1_4_8* scripts.
|
|
pkgsrc changes:
o Simplify MASTER_SITES.
o Get rid of the EGG_NAME redefinition (seems no more needed).
Changes:
2015.09.06.2
o Ship weak cert bundle.
2015.09.06.1
o Provide old cert bundle.
o Use secure roots by defaults.
2015.09.06
o Update scripts to use mkcert.org.
|
|
1.1 - 2015-10-28
~~~~~~~~~~~~~~~~
* Added support for Elliptic Curve Diffie-Hellman with
:class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDH`.
* Added :class:`~cryptography.hazmat.primitives.kdf.x963kdf.X963KDF`.
* Added support for parsing certificate revocation lists (CRLs) using
:func:`~cryptography.x509.load_pem_x509_crl` and
:func:`~cryptography.x509.load_der_x509_crl`.
* Add support for AES key wrapping with
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap` and
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap`.
* Added a ``__hash__`` method to :class:`~cryptography.x509.Name`.
* Add support for encoding and decoding elliptic curve points to a byte string
form using
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point`
and
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`.
* Added :meth:`~cryptography.x509.Extensions.get_extension_for_class`.
* :class:`~cryptography.x509.CertificatePolicies` are now supported in the
:class:`~cryptography.x509.CertificateBuilder`.
* ``countryName`` is now encoded as a ``PrintableString`` when creating subject
and issuer distinguished names with the Certificate and CSR builder classes.
|
|
if ssh_host_key doesn't exist.
RSA1 support is dead and doesn't exist in the package we generate, hence,
regeneration of the key is executed everytime sshd is started/restarted.
Bump PKGREVISION
Reviewed by wiz@
|
