| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
0.12 2017.06.27
- put function was broken when trying to send 64 Kbyte chunks
send only 8 Kbytes at a time
- offset variable should be 64 bit
|
|
0.77 Feb 15, 2018
- Fix regression broking password authentication (bug report
by Russell Shingleton).
0.76 Feb 8, 2018
- Allow passing "file_from" and "from0" options into "rsync"
(bug report and patch by Slaven Rezic, fixes #rt124357)
- Document how to manipulate port forwardings.
- Rename sample directory to examples (fixes #rt122042
reported by Karen Etheridge).
0.75_02 Jul 18, 2017
- Add support for "master_pty_force" and "get_master_pty_log"
features.
- Add support for "subsystem" feature.
0.75_01 Mar 3, 2017
- Use an opaque digest as the last part of the multiplexing
socket path in order to reduce its size (bug report by
Sombrerero_Loco at PerlMonks).
- Improve ctl_path/ctl_dir handling catching more errors
earlier.
- Add support for stdin_keep_open feature (bug report by
fwalters at PerlMonks).
|
|
**** 1.04 February 15, 2018
Feature
Cryptographic library access re-engineered using PerlXS
directly instead of CPAN Crypt::OpenSSL::(DSA|EDSA|RSA)
distributions which have fallen into disrepair.
|
|
Bump PKGREVISION.
|
|
2.056 2018/02/19
- Intercept - fix creation of serial number: base it on binary digest instead of
treating hex fingerprint as binary. Allow use of own serial numbers again.
- t/io-socket-ip.t - skip test if no IPv6 support on system RT#124464
- update PublicSuffix
2.055 2018/02/15
- use SNI also if hostname was given all-uppercase
- Utils::CERT_create - don't add authority key for issuer since Chrome does
not like this
- Intercept:
- change behavior of code based cache to better support synchronizing
within multiprocess/threaded setups
- don't use counter for serial number but somehow base it on original
certificate in order to avoid conflicts with reuse of serial numbers
after restart
- RT#124431 - better support platforms w/o IPv6
- RT#124306 - spelling fixes in documentation
2.054 2018/01/22
- added missing test certificates to MANIFEST
2.053 2018/01/21
- small behavior fixes
- if SSL_fingerprint is used and matches don't check for OCSP
- Utils::CERT_create - small fixes to properly specific purpose, ability to
use predefined complex purpose but disable some features
- update PublicSuffix
- updates for documentation, especially regarding pitfalls with forking or using
non-blocking sockets. Spelling fixes.
- test fixes and improvements
- stability improvements for live tests
- regenerate certificate in certs/ and make sure they are limited to the
correct purpose. Checkin program used to generate certificates.
- adjust tests since certificates have changed and some tests used
certificates intended for client authentication as server certificates,
which now no longer works
|
|
0.057 2018-01-31
- significant speed-up (more stuff handled on XS level)
- Crypt::Checksum is deprecated in favour of Crypt::Checksum::Adler32|CRC32
|
|
|
|
1.4.1:
Features
Support most of the GGF Extensions
Tooling
Exit successfully when no docs change
Documentation
Fix typo in Name documentation
|
|
|
|
This is Net::SFTP, a module implementing a client for the Secure
File Transfer Protocol.
|
|
Duo two-factor authentication for Unix systems.
|
|
Support building with openssl-1.1.
|
|
|
|
Bugfix release.
|
|
|
|
This switch is meant to be used by packages requiring an implementation of the
former libusb (as in devel/libusb). The original implementation can be
chosen by setting LIBUSB_TYPE to "native".
The alternative implementation libusb-compat (as in devel/libusb-compat) wraps
libusb1 (in devel/libusb1). This implementation can be chosen by setting
LIBUSB_TYPE to "compat". On NetBSD, it has the advantage of not requiring root
privileges to locate and use USB devices without a kernel driver.
This second part switches packages using libusb to this framework. It does not
change compilation options or dependencies at this point.
Compile-tested on most packages affected and available on NetBSD/amd64.
|
|
0.28.0:
- Mainly port to Python 3 (supporting 2.6, 2.7, 3.3, 3.4, 3.5, 3.6)
- Some lame efforts to make setup.py build --openssl work better (needs
more real testing on Mac OS X)
- Fix licence: it is MIT, not BSD
- Fix and add tests for SWIG/_aes.i module
- Improve somehow situation on Mac OS X (some testing, improve setup.py,
testsuite should fully pass)
- Bundle-in unittest2 for Python 2.6 (dealing with the need for
specific version of unittest2 package was too complicated)
- Remove all PGP modules
|
|
|
|
Release 1.12.0:
Enhanced AsyncSSH logging framework to provide detailed logging of events in the connection, channel, key exchange, authentication, sftp, and scp modules. Both high-level information logs and more detailed debug logs are available, and debug logging supports multiple debug levels with different amounts of verboseness. Logger objects are also available on various AsyncSSH classes to allow applications to report their own log events in a manner that can be tied back to a specific SSH connection or channel.
Added support for begin_auth() to be a coroutine, so asynchronous operations can be performed within it to load state needed to perform SSH authentication.
Adjusted key usage flags set on generated X.509 certificates to be more RFC compliant and work around an issue with OpenSSL validation of self-signed non-CA certificates.
Updated key and certificate comment handling to be less sensitive to the encoding of non-ASCII characters. The get_comment() and set_comment() functions now take an optional encoding paramter, defaulting to UTF-8 but allowing for others encodings. There’s also a get_comment_bytes() function to get the comment data as bytes without performing Unicode decoding.
Updated AsyncSSH to be compatible with beta release of Python 3.7.
Updated code to address warnings reported by the latest version of pylint.
Cleaned up various formatting issues in Sphinx documentation.
Significantly reduced time it takes to run unit tests by decreasing the rounds of bcrypt encryption used when unit testing encrypted OpenSSH private keys.
Added support for testing against uvloop in Travis CI.
|
|
Added support for the BoarSSL / Twrch test framework.
Header files now include the ritual mantras that make them compatible with C++.
Better Makefile behaviour with Clang (FreeBSD compatibility).
Worked around a bug of GCC 4.8 and 4.9 in 32-bit x86 mode.
Incoming application data after initiating closure is now properly ignored.
Some instances of (critical) Certificate Policies extensions are now ignored (when it is safe to do so).
Fixed some behavioural bugs with regards to renegotiation (all were failing safe).
Added encoded OID for hash functions in the public API, to help with using RSA signatures in non-SSL contexts.
Fixed bug in AES/CBC decryption on x86 with AES-NI opcode (this was breaking decryption with AES/CBC cipher suites and TLS 1.0 only).
Added an explicit stack buffer initialisation (some provably harmless accesses to uninitialised data were performed, Valgrind was not happy).
Fixed bug in the search tree for the cache of SSL sessions (occasional lock-ups).
Fixed bug in modular reduction in the special field for P-256 (this was infrequently breaking ECDSA signatures).
Added support for exporting keying material (RFC 5705).
Added new general-purpose API for AEAD implementations (in non-SSL contexts) and an AES/GCM implementation that follows that API.
Added a function to forget saved session parameter in the LRU cache.
Added a new ChaCha20 implementation that uses SSE2 on x86 architectures (both 32-bit and 64-bit).
|
|
3.4.11:
Resolved issues
* GH-121. the record list was still not correct due to PEP3147
and __pycache__ directories.
3.4.10:
Resolved issues
* When creating ElGamal keys, the generator wasn't a square residue:
ElGamal encryption done with those keys cannot be secure under
the DDH assumption.
3.4.9:
New features
* More meaningful error messages while importing an ECC key.
Resolved issues
* GH-123 and #125. The SSE2 command line switch was not always passed on 32-bit x86 platforms.
* GH-121. The record list (--record) was not always correctly filled for the
pycryptodomex package.
|
|
Fixes download.
|
|
- When creating an HTTP to HTTPS redirect in Nginx, we now ensure the
Host header of the request is set to an expected value before
redirecting users to the domain found in the header. The previous way
Certbot configured Nginx redirects was a potential security issue
- Fixed a problem where Certbot's Apache plugin could fail HTTP-01
challenges if basic authentication is configured for the domain you
request a certificate for.
- certbot-auto --no-bootstrap now properly tries to use Python 3.4 on
RHEL 6 based systems rather than Python 2.6.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Qt bindings for GPGme
|
|
|
|
New in 2.1.0
- Ported to Qt5 (Qt4 also supported)
- New building system. CMake instead of qmake
- Added CTR symetric cipher support to qca core
- Added no padding encryption algorithm to qca core
- qcatool2 renamed to qcatool
- fixed crash in qcatool when only options provided on command line without
any commands
- Use plugins installation path as hard-coded runtime plugins search path
- Added new functiion pluginPaths
- Added functions to get runtime QCA version
- Fixed 'no watch file' warnings in FileWatch
- Added EME_PKCS1v15_SSL Encryption Algorithm
- New implementation of SafeTimer to prevent crashes
- Updated certificates for unittests
- RSA Keys are permutable, can encrypt with private and decrypt with public
- Add unloadProvider() function for symmetry with insertProvider()
- Overloaded "makeKey" to derive a password depending on a time factor
- Remove pointer to deinit() routine from QCoreApplication at deinitialization
- Fix a couple of crashes where all plugins might not be available
- Fix operating on keys with unrelated expired subkeys
- Fixed timers in Synchronizer class
- Dropped randomunittest
- Fixed many unittests
- qca-gnupg: internal refactoring
- qca-gnupg: try both gpg and gpg2 to find gnupg executable
- qca-gnupg: fixed some encodings problem
- qca-ossl: no DSA_* dl groups in FIPS specification
- qca-ossl: added missed signatures to CRLContext
- qca-ossl: fixed certs time zone
- qca-nss: fixed KeyLenght for Cipher
- qca-botan: fixed getting result size for ciphers
|
|
3.4.8:
New features
* Added a native extension in pure C for modular exponentiation, optimized for SSE2 on x86.
In the process, we drop support for the arbitrary arithmetic library MPIR
on Windows, which is painful to compile and deploy.
The custom modular exponentiation is 130% (160%) slower on an Intel CPU in 32-bit (64-bit) mode,
compared to MPIR. Still, that is much faster that CPython's own `pow()` function which
is 900% (855%) slower than MPIR. Support for the GMP library on Unix remains.
* Added support for *manylinux* wheels.
* Support for Python 3.7.
Resolved issues
* The DSA parameter 'p' prime was created with 255 bits cleared
(but still with the correct strength).
* Not all docs were included in the tar ball.
* ECDSA verification failed for DER encoded signatures.
* Human-friendly messages for padding errors with ECB and CBC.
|
|
The software in this package is a Python module for generating objects that
compute the Cyclic Redundancy Check (CRC). There is no attempt in this package
to explain how the CRC works. There are a number of resources on the web that
give a good explanation of the algorithms.
This package allows the use of any 8, 16, 24, 32, or 64 bit CRC. You can
generate a Python function for the selected polynomial or an instance of the
Crc class which provides the same interface as the md5 and sha modules from the
Python standard library. A Crc class instance can also generate C/C++ source
code that can be used in another application.
Part of PR pkg/52941.
|
|
## 0.9.3 (January 28th, 2018)
A regression from a feature merge disabled the Nomad secrets backend in 0.9.2.
This release re-enables the Nomad secrets backend; it is otherwise identical to
0.9.2.
## 0.9.2 (January 26th, 2018)
SECURITY:
* Okta Auth Backend: While the Okta auth backend was successfully verifying
usernames and passwords, it was not checking the returned state of the
account, so accounts that had been marked locked out could still be used to
log in. Only accounts in SUCCESS or PASSWORD_WARN states are now allowed.
* Periodic Tokens: A regression in 0.9.1 meant that periodic tokens created by
the AppRole, AWS, and Cert auth backends would expire when the max TTL for
the backend/mount/system was hit instead of their stated behavior of living
as long as they are renewed. This is now fixed; existing tokens do not have
to be reissued as this was purely a regression in the renewal logic.
* Seal Wrapping: During certain replication states values written marked for
seal wrapping may not be wrapped on the secondaries. This has been fixed,
and existing values will be wrapped on next read or write. This does not
affect the barrier keys.
DEPRECATIONS/CHANGES:
* `sys/health` DR Secondary Reporting: The `replication_dr_secondary` bool
returned by `sys/health` could be misleading since it would be `false` both
when a cluster was not a DR secondary but also when the node is a standby in
the cluster and has not yet fully received state from the active node. This
could cause health checks on LBs to decide that the node was acceptable for
traffic even though DR secondaries cannot handle normal Vault traffic. (In
other words, the bool could only convey "yes" or "no" but not "not sure
yet".) This has been replaced by `replication_dr_mode` and
`replication_perf_mode` which are string values that convey the current
state of the node; a value of `disabled` indicates that replication is
disabled or the state is still being discovered. As a result, an LB check
can positively verify that the node is both not `disabled` and is not a DR
secondary, and avoid sending traffic to it if either is true.
* PKI Secret Backend Roles parameter types: For `ou` and `organization`
in role definitions in the PKI secret backend, input can now be a
comma-separated string or an array of strings. Reading a role will
now return arrays for these parameters.
* Plugin API Changes: The plugin API has been updated to utilize golang's
context.Context package. Many function signatures now accept a context
object as the first parameter. Existing plugins will need to pull in the
latest Vault code and update their function signatures to begin using
context and the new gRPC transport.
FEATURES:
* **gRPC Backend Plugins**: Backend plugins now use gRPC for transport,
allowing them to be written in other languages.
* **Brand New CLI**: Vault has a brand new CLI interface that is significantly
streamlined, supports autocomplete, and is almost entirely backwards
compatible.
* **UI: PKI Secret Backend (Enterprise)**: Configure PKI secret backends,
create and browse roles and certificates, and issue and sign certificates via
the listed roles.
IMPROVEMENTS:
* auth/aws: Handle IAM headers produced by clients that formulate numbers as
ints rather than strings [GH-3763]
* auth/okta: Support JSON lists when specifying groups and policies [GH-3801]
* autoseal/hsm: Attempt reconnecting to the HSM on certain kinds of issues,
including HA scenarios for some Gemalto HSMs.
(Enterprise)
* cli: Output password prompts to stderr to make it easier to pipe an output
token to another command [GH-3782]
* core: Report replication status in `sys/health` [GH-3810]
* physical/s3: Allow using paths with S3 for non-AWS deployments [GH-3730]
* physical/s3: Add ability to disable SSL for non-AWS deployments [GH-3730]
* plugins: Args for plugins can now be specified separately from the command,
allowing the same output format and input format for plugin information
[GH-3778]
* secret/pki: `ou` and `organization` can now be specified as a
comma-separated string or an array of strings [GH-3804]
* plugins: Plugins will fall back to using netrpc as the communication protocol
on older versions of Vault [GH-3833]
BUG FIXES:
* auth/(approle,aws,cert): Fix behavior where periodic tokens generated by
these backends could not have their TTL renewed beyond the system/mount max
TTL value [GH-3803]
* auth/aws: Fix error returned if `bound_iam_principal_arn` was given to an
existing role update [GH-3843]
* core/sealwrap: Speed improvements and bug fixes (Enterprise)
* identity: Delete group alias when an external group is deleted [GH-3773]
* legacymfa/duo: Fix intermittent panic when Duo could not be reached
[GH-2030]
|
|
3.0.5
* Fix #17 & #58: use AES256 for CA key
* Also, don't use read -s, use stty -echo
3.0.4
* Remove use of egrep (#154)
* Integrate with Travis-CI (#165)
* Remove "local" from variable assignment (#165)
* Other changes related to Travis-CI fixes
* Assign values to variables defined previously w/local
* Finally(?) fix the subjectAltName issues I presented earlier (really
fixes #168
|
|
on 12 Sep 2017 xmlsec-1_2_25 XMLSec release 1.2.25
on 20 Apr 2017 xmlsec-1_2_24 XMLSec release 1.2.24
2016-10-15 Aleksey Sanin <aleksey@aleksey.com>
* 1.2.23 release
2016-10-14 Aleksey Sanin <aleksey@aleksey.com>
* Fixed gcrypto RSA/DSA keys params ordering
2016-10-12 Aleksey Sanin <aleksey@aleksey.com>
* Better X509Data templates
2016-10-07 Aleksey Sanin <aleksey@aleksey.com>
* Fixed memory leak caused by xmlGetProp (patch from Dafan Zhai)
* Fixed KW transforms (overlapping buffer error) for OpenSSL 1.1.0
* Fixed pkg-config detection
2016-09-27 Aleksey Sanin <aleksey@aleksey.com>
* Added initial support OpenSSL 1.1.0 (patch from Andrzej Siewior)
2016-09-19 Aleksey Sanin <aleksey@aleksey.com>
* Fixed signing with RSA SHA2 via mscrypto (patch from PepaRokos)
2016-07-08 Aleksey Sanin <aleksey@aleksey.com>
* Fixed mscrypto undeclared XMLSEC_DEFAULT_CRYPTO (patch from vmiklos)
2016-05-31 Aleksey Sanin <aleksey@aleksey.com>
* Fixed mismatched conditional for XMLSEC_NO_ECDSA (patch from Eric Sproul)
2016-05-20 Aleksey Sanin <aleksey@aleksey.com>
* Fixed openssl cert depth verification param usage (patch from R-Tur)
2016-04-22 Aleksey Sanin <aleksey@aleksey.com>
* Fixed stdin/stdout in xmlsec1 app
2016-04-20 Aleksey Sanin <aleksey@aleksey.com>
* Restored SOAP support for Lasso
* 1.2.22 release
2016-04-12 Aleksey Sanin <aleksey@aleksey.com>
* 1.2.21 release
2016-02-17 Aleksey Sanin <aleksey@aleksey.com>
* Added OOXML Relationships Transform Algorithm (patch from Miklos Vajna)
2016-02-06 Aleksey Sanin <aleksey@aleksey.com>
* Deprecated XMLSEC_CRYPTO define in favor of xmlSecGetDefaultCrypto() function
2016-02-05 Aleksey Sanin <aleksey@aleksey.com>
* Revamped manpages/documentation build to completely pass 'make distcheck' tests
2016-01-28 Aleksey Sanin <aleksey@aleksey.com>
* Added OpenSSL 1.1.0 API support (major refactoring for block ciphers and DSA/ECDSA signatures)
2016-01-28 Aleksey Sanin <aleksey@aleksey.com>
* Migrated to GitHub (https://github.com/lsh123/xmlsec)
2015-03-10 Aleksey Sanin <aleksey@aleksey.com>
* Removed support for legacy OpenSSL 0.9.6 (last release: March, 2004) and 0.9.7 (last release: February, 2007)
2014-10-2014 Aleksey Sanin <aleksey@aleksey.com>
* Added experimental GOST2012 support (patch from Nikolay Shaplov)
2014-06-04 Aleksey Sanin <aleksey@aleksey.com>
* Fixed several compaints from Clang and Coverity (based on patches from Simo Sorce)
2014-02-25 Aleksey Sanin <aleksey@aleksey.com>
* Removed XKMS support -- it was never completed and not worth keeping
2013-05-23 Aleksey Sanin <aleksey@aleksey.com>
* 1.2.20 release
2014-05-23 Aleksey Sanin <aleksey@aleksey.com>
* fix build on MacOSX (bug #680307)
* update certs for examples (bug #674572)
* update test certs to be valid till 2114
* don't create files on xmlsec-mscrypto when loading the key (bug #633924)
* clarify min OpenSSL requirements
2014-05-23 Aleksey Sanin <aleksey@aleksey.com>
* better detect private keys on ext RSA engines (bug #728213)
* fixed CRL check
2014-02-17 Aleksey Sanin <aleksey@aleksey.com>
* fixes for RH 6x
2013-07-19 Aleksey Sanin <aleksey@aleksey.com>
* fixed switch - added missed break keywords (bug #704574)
2013-06-03 Aleksey Sanin <aleksey@aleksey.com>
* fix memory leak in converting cert subject
2013-05-09 Aleksey Sanin <aleksey@aleksey.com>
* disable network access during internal xml transform parser
2013-04-12 Aleksey Sanin <aleksey@aleksey.com>
* fix typo (fixed bug 695605)
2013-03-28 Aleksey Sanin <aleksey@aleksey.com>
* disable ECDSA if needed (Daniel)
2013-03-24 Aleksey Sanin <aleksey@aleksey.com>
* docs rebuild
|
|
Changes:
--------
* Tests can have more than 1 required OS (e.g. Linux OR NetBSD)
* Added 'system-groups' option to profile (Enterprise users)
* Overhaul of default profile and migrate to new style (setting=value)
* Show warning if old profile options are used
* Improved detection of binaries
* New group 'usb' for tests related to USB devices
Tests:
------
* [FILE-6363] - New test for /var/tmp (sticky bit)
* [MAIL-8802] - Added exim4 process name to improve detection of Exim
* [NETW-3030] - Changed name of dhcp client name process and added udhcpc
* [SSH-7408] - Restored UsePrivilegeSeparation
* [TIME-3170] - Added chrony configuration file for NetBSD
|
|
Bump PKGREVISION.
|
|
|
|
Changes not found.
|
|
|
|
|
|
|
|
* gnupg socket support
* better portability
|
|
Bump PKGREVISION.
|
|
|
|
|
|
Security release fixing CVE-2017-12374, CVE-2017-12375, CVE-2017-12376,
CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380.
Also included are 2 minor fixes to properly detect openssl install locations on FreeBSD 11, and prevent false warnings about zlib 1.2.1# version numbers.
|
|
|
