| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
This is the reference C implementation of Argon2, the password-hashing
function that won the Password Hashing Competition (PHC).
You should use Argon2 whenever you need to hash passwords for
credential storage, key derivation, or other applications.
There are two main versions of Argon2, Argon2i and Argon2d. Argon2i
is the safest against side-channel attacks, while Argon2d provides
the highest resistance against GPU cracking attacks.
Argon2i and Argon2d are parametrized by
* A time cost, which defines the amount of computation realized
and therefore the execution time, given in number of iterations
* A memory cost, which defines the memory usage, given in kibibytes
* A parallelism degree, which defines the number of parallel threads
|
|
krb5-config script, fixing SLES according to sobukus on IRC.
|
|
gnupg-2.1.9:
* gpg: Allow fetching keys via OpenPGP DANE (--auto-key-locate). New
option --print-dane-records.
* gpg: Fix for a problem with PGP-2 keys in a keyring.
* gpg: Fail with an error instead of a warning if a modern cipher
algorithm is used without a MDC.
* agent: New option --pinentry-invisible-char.
* agent: Always do a RSA signature verification after creation.
* agent: Fix a regression in ssh-add-ing Ed25519 keys.
* agent: Fix ssh fingerprint computation for nistp384 and EdDSA.
* agent: Fix crash during passprase entry on some platforms.
* scd: Change timeout to fix problems with some 2.1 cards.
* dirmngr: Displayed name is now Key Acquirer.
* dirmngr: Add option --keyserver. Deprecate that option for gpg.
Install a dirmngr.conf file from a skeleton for new installations.
gnupg-2.1.8:
* gpg: Sending very large keys to the keyservers works again.
* gpg: Validity strings in key listings are now again translatable.
* gpg: Emit FAILURE status lines to help GPGME.
* gpg: Does not anymore link to Libksba to reduce dependencies.
* gpgsm: Export of secret keys via Assuan is now possible.
* agent: Raise the maximum passphrase length from 100 to 255 bytes.
* agent: Fix regression using EdDSA keys with ssh.
* Does not anymore use a build timestamp by default.
* The fallback encoding for broken locale settings changed
from Latin-1 to UTF-8.
* Many code cleanups and improved internal documentation.
* Various minor bug fixes.
gnupg-2.1.7:
* gpg: Support encryption with Curve25519 if Libgcrypt 1.7 is used.
* gpg: In the --edit-key menu: Removed the need for "toggle", changed
how secret keys are indicated, new commands "fpr *" and "grip".
* gpg: More fixes related to legacy keys in a keyring.
* gpgv: Does now also work with a "trustedkeys.kbx" file.
* scd: Support some feature from the OpenPGP card 3.0 specs.
* scd: Improved ECC support
* agent: New option --force for the DELETE_KEY command.
* w32: Look for the Pinentry at more places.
* Dropped deprecated gpgsm-gencert.sh
* Various other bug fixes.
|
|
|
|
in the ejabberd 15.10 update that follows.
|
|
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
Changes since previous version:
+ fix a bug where SHA512 case was missed in the digest_get_prefix()
function. Bug and fix from Felix Lange.
|
|
|
|
|
|
ok tnn@ re: options.mk v 1.3
|
|
fix the build yet, an additional patch to remove LD_LIBRARY_PATH is required
but needs wider testing.
|
|
want 2.0 to be the default, despite not supporting the latest crypto.
|
|
SmartOS for 64bit builds.
|
|
1.0.2 - 2015-09-27
~~~~~~~~~~~~~~~~~~
* **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use
of assertions to check response codes where our tests could not trigger a
failure. However, when Python is run with ``-O`` these asserts are optimized
away. If a user ran Python with this flag and got an invalid response code
this could result in undefined behavior or worse. Accordingly, all response
checks from the OpenSSL backend have been converted from ``assert``
to a true function call. Credit **Emilia Käsper (Google Security Team)**
for the report.
|
|
the package needs an update.
|
|
|
|
|
|
|
|
running with ABI=32 on a 64-bit native host.
|
|
Bump PKGREVISION as this removes dirmngr_ldap from default PLIST.
|
|
|
|
Upstream changes:
[Changes for 0.79 - Mon May 18 23:02:11 CST 2015]
* Restore "cpansign --skip" functionality.
Contributed by: CLOOS
[Changes for 0.78 - Thu Apr 9 16:58:27 CST 2015]
* Fix verify() use from cpanm and CPAN.pm.
Contributed by: ANDK
[Changes for 0.77 - Wed Apr 8 19:36:50 CST 2015]
* Include the latest public keys of PAUSE, ANDK and AUDREYT.
* Clarify scripts/cpansign copyright to CC0.
Reported by: @pghmcfc
[Changes for 0.76 - Wed Apr 8 18:05:48 CST 2015]
* Fix signature tests by defaulting to verify(skip=>1)
when $ENV{TEST_SIGNATURE} is true.
Reported by: @pghmcfc
[Changes for 0.75 - Tue Apr 7 04:56:09 CST 2015]
Two more issues reported by John Lightsey:
* Update ChangeLog.
* More protection of @INC from relative paths.
Fix various issues reported by John Lightsey:
[Changes for 0.74 - Tue Apr 7 02:39:14 CST 2015]
Fix various issues reported by John Lightsey:
* Fix GPG signature parsing logic.
* MANIFEST.SKIP is no longer consulted unless --skip is given.
* Properly use open() modes to avoid injection attacks.
|
|
is not, from what I can tell by building and using (also from the repo),
broken under py3x. Therefore, dependencies marked as broken under py3x due to
paramiko will be unmarked (unless they are broken for lack of py3x support).
From sites/www/changelog.rst:
:support:`554 backported` Fix inaccuracies in the docstring for the ECDSA key class. Thanks to Jared Hance for the patch.
:support:`516 backported` Document ~paramiko.agent.AgentRequestHandler. Thanks to @toejough for report & suggestions.
:bug:`496` Fix a handful of small but critical bugs in Paramiko's GSSAPI support (note: this includes switching from PyCrypo's Random to os.urandom). Thanks to Anselm Kruis for catch & patch.
:bug:`491` (combines :issue:`62` and :issue:`439`) Implement timeout functionality to address hangs from dropped network connections and/or failed handshakes. Credit to @vazir and @dacut for the original patches and to Olle Lundberg for reimplementation.
:bug:`490` Skip invalid/unparseable lines in known_hosts files, instead of raising ~paramiko.ssh_exception.SSHException. This brings Paramiko's behavior more in line with OpenSSH, which silently ignores such input. Catch & patch courtesy of Martin Topholm.
:bug:`404` Print details when displaying ~paramiko.ssh_exception.BadHostKeyException objects (expected vs received data) instead of just "hey shit broke". Patch credit: Loic Dachary.
:bug:`469` (also :issue:`488`, :issue:`461` and like a dozen others) Fix a typo introduced in the 1.15 release which broke WinPageant support. Thanks to everyone who submitted patches, and to Steve Cohen who was the lucky winner of the cherry-pick lottery.
:bug:`353` (via :issue:`482`) Fix a bug introduced in the Python 3 port which caused OverFlowError (and other symptoms) in SFTP functionality. Thanks to @dboreham for leading the troubleshooting charge, and to Scott Maxwell for the final patch.
:support:`582` Fix some old setup.py related helper code which was breaking bdist_dumb on Mac OS X. Thanks to Peter Odding for the patch.
:bug:`22 major` Try harder to connect to multiple network families (e.g. IPv4 vs IPv6) in case of connection issues; this helps with problems such as hosts which resolve both IPv4 and IPv6 addresses but are only listening on IPv4. Thanks to Dries Desmet for original report and Torsten Landschoff for the foundational patchset.
:bug:`402` Check to see if an SSH agent is actually present before trying to forward it to the remote end. This replaces what was usually a useless TypeError with a human-readable ~paramiko.ssh_exception.AuthenticationException. Credit to Ken Jordan for the fix and Yvan Marques for original report.
|
|
|
|
Add LICENSE
Upstream changes:
Revision 1.64 2014/09/18 12:21:25 ashish
- Applied Fix for RT 68339 (thanks to Todd Rinaldo)
|
|
Changes since 20150919:
+ fixed minor bug in BN_rand() function - used field wasn't set
+ added BN_gcd() function
+ added translation layer in header file, so that library
can be called as a BIGNUM/BN_* replacement if USE_BN_INTERFACE
is defined at compile-time
|
|
2.020 2015/09/20
- support multiple directories in SSL_ca_path as proposed in RT#106711
by dr1027[AT]evocat[DOT]ne. Directories can be given as array or as string
with a path separator, see documentation.
- typos fixed thanks to jwilk https://github.com/noxxi/p5-io-socket-ssl/pull/34
|
|
1.72 2015-09-22
Fixed a problem where SvPVx_nolen was undefined in some versions of
perl. Reported by Karen Etheridge. Replaced with SvPV_nolen.
Fixed a cast warning on Darwin reported by Karen Etheridge.
1.71 2015-09-18
Patch from Ben Kaduk: Conditionalise support for MD4, MD5.
Added support for linking libraries in /usr/local/lib64 for some flavours
of Linux like RH Tikanga.
Fixes to X509_check_host, X509_check_ip, SSL_CTX_set_alpn_protos, and
SSL_set_alpn_protos so they will compile on MSVC and AIX cc. Thanks to
AGRUNDMA.
Fixed typos in documentation for X509_NAME_new and X509_NAME_hash
incorrect version 1.45 instead of 1.55 given.
Version number in META.yml is now quoted per request from Satoshi Yagi.
|
|
Noteworthy changes in version 0.9.6 (2015-09-10)
------------------------------------------------
* Many improvements for the dump tty pinentry.
* Use the standard GTK+-2 text entry widget instead of our outdated
and back-then-it-was-more-secure text widget.
* Use the standard Qt text widget.
* Allow for building a static Qt variant.
* Fix regression in w32 pinentry.
|
|
|
|
|
|
|
|
Avoid using rubyforge.org since it stopped most of services.
|
|
|
|
Allow any number of retries, instead of only up to 3.
Add ruser option, to authenticate as PAM_RUSER instead of PAM_USER,
to allow applications such as 'su' to authenticate as the real user.
Patch from David Mitchell.
Add 'localifdown' option.
|
|
version 20150919
Changes:
+ get rid of unnecessary header inclusion (sys/syslog.h), which gives
problems on HP/UX and is unused
from Tobias Nygren
|
|
And this package does not have header/library files.
|
|
* Do not abuse buildlink3.
* Use GnuPG 2.0 explicitly.
|
|
PERL5_MODULE_TYPE= Module::Install::Bundled
in the hope it fixes PR 50254.
While here, remove API depends line that's lower than what's in
openssl/bl3.mk.
|
|
|
|
|
|
|
|
----------------
* Version 3.3.18 (released 2015-09-12)
** libgnutls: When re-importing CRLs to a trust list ensure that there
no duplicate entries.
** certtool: Removed any arbitrary limits imposed on input file sizes
and maximum number of certificates imported.
** API and ABI modifications:
No changes since last version.
|
|
|
|
functions on Solaris. Check privileges for mlock use on Solaris before
trying to lock the resource buffer.
|
|
|
|
|
|
|
|
Changes since previous version (20150901)
+ Apparently, OS X 10.4 does not have an implementation of le32dec().
Instead, unroll the inline function.
Bug report from Sevan - thanks!
|
