Age | Commit message (Collapse) | Author | Files | Lines |
|
syntax otherwise -- it has a better chance of working.
|
|
Unbreaks mail/notmuch.
|
|
PuTTY 0.68, released today, supports elliptic-curve cryptography for host
keys, user authentication keys, and key exchange. Also, for the first time,
it comes in a 64-bit Windows version.
This update may create a build issue for non-BSD due to ancient functions
being different on BSD and SYSV. there's always macros if this fails.
|
|
having an empty SUBST_SED returns usage and a non-zero exit value and
the build doesn't continue.
|
|
No changelog from upstream but there is a new acme package for Let's
Encrypt certificates.
|
|
bsiegert@. There's no reason to pollute other operating systems.
Bump PKGREVISION.
|
|
|
|
sqlmap is an open source penetration testing tool that automates
the process of detecting and exploiting SQL injection flaws and
taking over of database servers. It comes with a powerful detection
engine, many niche features for the ultimate penetration tester
and a broad range of switches lasting from database fingerprinting,
over data fetching from the database, to accessing the underlying
file system and executing commands on the operating system via
out-of-band connections.
|
|
1.8.1 - 2017-03-10
~~~~~~~~~~~~~~~~~~
* Fixed macOS wheels to properly link against 1.1.0 rather than 1.0.2.
1.8 - 2017-03-09
~~~~~~~~~~~~~~~~
* Added support for Python 3.6.
* Windows and macOS wheels now link against OpenSSL 1.1.0.
* macOS wheels are no longer universal. This change significantly shrinks the
size of the wheels. Users on macOS 32-bit Python (if there are any) should
migrate to 64-bit or build their own packages.
* Changed ASN.1 dependency from ``pyasn1`` to ``asn1crypto`` resulting in a
general performance increase when encoding/decoding ASN.1 structures. Also,
the ``pyasn1_modules`` test dependency is no longer required.
* Added support for
:meth:`~cryptography.hazmat.primitives.ciphers.CipherContext.update_into` on
:class:`~cryptography.hazmat.primitives.ciphers.CipherContext`.
* Added
:meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.private_bytes`
to
:class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization`.
* Added
:meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKeyWithSerialization.public_bytes`
to
:class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKeyWithSerialization`.
* :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`
and
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`
now require that ``password`` must be bytes if provided. Previously this
was documented but not enforced.
* Added support for subgroup order in :doc:`/hazmat/primitives/asymmetric/dh`.
|
|
|
|
Fast ASN.1 parser and serializer with definitions for private keys,
public keys, certificates, CRL, OCSP, CMS, PKCS#3, PKCS#7, PKCS#8,
PKCS#12, PKCS#5, X.509 and TSP.
|
|
Changes not found, but this comes with new asymmetric DH and DSA files.
|
|
1.6.0 2017-02-26 03:26 UTC
Changelog:
* This release adds GnuPG 2.1 support.
* Internal API has been refactored.
* Fix Bug #21182: Ignore invalid proc_close() exit code
* Fix Bug G#28: Use --batch argument for key imports when no passphrase is
provided.
* Fix Bug #21151: GPG-AGENT process is not automatically closed when using
GnuPG 2.0
* Fix Bug #21152: Ignore time conflicts (by default)
* Fixed Bug #21148: Throw bad-passphrase exception instead of key-not-found
exception on decryption
|
|
bumping any package depending on a pkg with APACHE_PKG_PREFIX but without
APACHE_PKG_PREFIX in its PKGNAME.
|
|
Upstream changes:
2017-01-26 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Release 0.6.12
2017-01-23 Thierry Onkelinx <thierry.onkelinx@inbo.be>
* NAMESPACE: export sha1.function() and sha1.call()
* R/sha1.R:
- sha1() gains methods for the class "function" and "call"
- sha1() gains a ... argument, currently only relevant for
"function"
- sha1() takes arguments into account for hash for complex,
Date and array. Note that this will lead to different
hasheS for these classes and for objects containing
these classes
* man/sha1.rd: update helppage for sha1()
* tests/sha1Test.R: update unit tests for sha1()
2017-01-01 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Release 0.6.11
* R/sha1.R (sha1.anova): Added more #nocov marks
* src/sha2.c (SHA256_Transform): Idem
* tests/AESTest.R (hextextToRaw): Print AES object
* tests/AESTest.Rout.save: Updated
2016-12-08 Dirk Eddelbuettel <edd@debian.org>
* NAMESPACE: Register (and exported) makeRaw S3 methods
* man/makeRaw.Rd: New manual page
* tests/hmacTest.R: Direct call to makeRaw()
* tests/hmacTest.Rout.save: Ditto
* src/digest.c: Additional #nocov tags
* src/xxhash.c: Ditto
2016-12-07 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Rolled minor version
* README.md: Use shields.io badge for codecov
* R/digest.R: Additional #nocov tags
* src/sha2.c: Ditto
* src/raes.c: Ditto
* tests/hmacTest.R: Additional tests
* tests/hmacTest.Rout.save: Ditto
2016-11-30 Dirk Eddelbuettel <edd@debian.org>
* .travis.yml (before_install): Activate PPA as we (currently)
need an updated version of (r-cran)-covr to run coverage
* tests/load-unload.R: Comment-out for now as it upsets coverage
* tests/digestTest.R: Test two more algorithms
* tests/digestTest.Rout.save: Updated reference output
* R/digest.R: Added #nocov tags
* R/zzz.R (.onUnload): Ditto
* src/crc32.c: Ditto
* src/pmurhash.c: Ditto
* src/raes.c: Ditto
* src/sha2.c: Ditto
* src/xxhash.c: Ditto
2016-11-26 Dirk Eddelbuettel <edd@debian.org>
* .travis.yml (after_success): Integrated Jim Hester's suggestion of
activating code coverage sent many moons ago (in PR #12)
* .codecov.yml (comment): Added
* .Rbuildignore: Exclude .codecov.yml
* README.md: Added code coverage badge
2016-10-16 Dirk Eddelbuettel <edd@debian.org>
* R/digest.R (digest): Support 'nosharing' option of base::serialize
as suggested by Radford Neal whose pqR uses this
2016-08-02 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (License): Now GPL (>= 2), cf issue 36 on GH
* README.md: Updated badge accordingly
2016-08-02 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version): Release 0.6.10
* DESCRIPTION (Description): Shortened to one paragraph
* DESCRIPTION (BugReports): URL to GH issues added
* .travis.yml: Rewritten for run.sh from forked r-travis
2016-07-12 Henrik Bengtsson <hb@aroma-project.org>
* src/digest.c: Correct bug with skip and file parameter interaction
* tests/digestTest.R: Test code
* tests/digestTest.Rout.save: Test reference output
* R/zzz.R: Allow for unloading of shared library
* tests/load-unload.R: Test code
* DESCRIPTION: Rolled minor Version and Date
2016-05-25 Thierry Onkelinx <thierry.onkelinx@inbo.be>
* R/sha1.R: Support for pairlist and name
* tests/sha1Test.R: Support for pairlist and name
* man/sha1.Rd: Support for pairlist, name, complex, array and Date
* NAMESPACE: Support for pairlist, name and array
* DESCRIPTION: bump version number and date
2016-05-01 Viliam Simko <viliam.simko@gmail.com>
* R/sha1.R: Support for complex, Date and array
* tests/sha1Test.R: Ditto
* NAMESPACE: Ditto
2016-04-27 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Author): Add Qiang Kou to Authors
* README.md: Ditto
2016-01-25 Dirk Eddelbuettel <edd@debian.org>
* src/digest.c (digest): Use XLENGTH if R >= 3.0.0 (issue #29)
2016-01-11 Thierry Onkelinx <thierry.onkelinx@inbo.be>
* R/sha1.R: handle empty list and empty dataframe (#issue 27);
take the object class, digits and zapsmall into account (#PR 28)
* vignettes/sha1.Rmd: Small edits to reflect changes is sha1()
2016-01-09 Michel Lang <michellang@gmail.com>
* R/sha1.R: Add a length check to sha1(), use vapply()
|
|
|
|
|
|
This is a client for signing certificates with an ACME-server
(currently only provided by letsencrypt) implemented as a
relatively simple bash-script.
It uses the openssl utility for everything related to
actually handling keys and certificates,
so you need to have that installed.
Other dependencies are: curl, sed, grep, mktemp
(all found on almost any system, curl being the only exception)
|
|
|
|
Ruby Exploitation (Rex) library for generating/manipulating C-Style
structs.
|
|
Unbreak with the Python 3 versions of the package.
Heads up by Daniel Jakots.
|
|
https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
Bump rev.
Reviewed by: wiz
|
|
The library can also be compiled using MinGW.
Removed use of alloca().
[Security] Removed implementation of deprecated "quick check" feature of PGP block cipher mode.
Improved the performance of scrypt by converting some Python to C.
|
|
Noteworthy changes in version 1.27 (2017-02-28) [C22/A22/R0]
-----------------------------------------------
* Added a Base64 decoder.
* Added support for the sh3 architecture.
* Added header gpgrt.h as an alias for gpg-error.h.
* Fixed macro GPGRT_GCC_VERSION.
* Fixed a race in non-blocking I/O on Windows.
* Interface changes relative to the 1.26 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgrt_b64state_t NEW type.
gpgrt_b64dec_start NEW.
gpgrt_b64dec_proc NEW.
gpgrt_b64dec_finish NEW.
GPG_ERR_WRONG_NAME NEW.
gpgrt.h NEW header.
|
|
Otherwise, there is one nonsensical warning on every openssl invocation.
I have seen dozens of recipes for NetBSD setups, and each one cargo-cults
a "touch openssl.cnf" against that noise.
Bump package revision.
|
|
|
|
** libgnutls: Removed any references to OpenPGP functionality in documentation,
and marked all functions in openpgp.h as deprecated. That functionality
is considered deprecated and should not be used for other reason than
backwards compatibility.
** libgnutls: Improve detection of AVX support. In certain cases when
when the instruction was available on the host, but not on a VM running
gnutls, detection could fail causing illegal instruction usage.
** libgnutls: Added support for IDNA2008 for internationalized DNS names.
If gnutls is compiled using libidn2 (the latest version is recommended),
it will support IDNA2008 instead of the now obsolete IDNA2003 standard.
Resolves gitlab issue 150. Based on patch by Tim Ruehsen.
** p11tool: re-use ID from corresponding objects when writing certificates.
That is, when writing a certificate which has a corresponding public key,
or private key in the token, ensure that we use the same ID for the
certificate.
** API and ABI modifications:
gnutls_idna_map: Added
gnutls_idna_reverse_map: Added
|
|
- Updated gnulib
- Removed -Werror from default compiler flags
- Fixed undefined behavior when negating integers in _asn1_ltostr().
Issue found by oss-fuzz project (via gnutls):
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=388
- Pass the correct length to _asn1_get_indefinite_length_string in
asn1_get_length_ber. This addresses reading 1-byte past the end
of data. Issue found by oss-fuzz project (via gnutls):
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=330
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33
|
|
for good measure.
Bump PKGREVISION.
|
|
|
|
# 20161029
* Argon2id added
* Better documentation
* Dual licensing CC0 / Apache 2.0
* Minor bug fixes (no security issue)
# 20160406
* Version 1.3 of Argon2
* Version number in encoded hash
* Refactored low-level API
* Visibility control for library symbols
* Microsoft Visual Studio solution
* New bindings
* Minor bug and warning fixes (no security issue)
# 20151206
* Python bindings
* Password read from stdin, instead of being an argument
* Compatibility FreeBSD, NetBSD, OpenBSD
* Constant-time verification
* Minor bug and warning fixes (no security issue)
|
|
|
|
Compiled binaries for Metasploit's next-gen Meterpreter.
|
|
v0.8.0 (14 February 2017)
+++++++++++++++++++++++++
- Added Fitbit compliance fix.
- Fixed an issue where newlines in the response body for the access token
request would cause errors when trying to extract the token.
- Fixed an issue introduced in v0.7.0 where users passing ``auth`` to several
methods would encounter conflicts with the ``client_id`` and
``client_secret``-derived auth. The user-supplied ``auth`` argument is now
used in preference to those options.
|
|
Bumps PKGREVISION.
|
|
- More cleanups, removal of obsolete stuff, and moves towards py3k
compatibility.
- Add support for EC.get_builtin_curves() and use it for testing.
- Enable AES CTR mode
- Bundle-in six module v. 1.10.0
- add rand_file_name and rand_status
- remove all LHASH fiddling
- Extend Travis and GitLab CI configuration to test also py3k (with
allowed_failures) and CentOS6 (on GitLab CI).
- Add CONTRIBUTORS.rst. Thank you!
- Add PEP-484 type hints in comments to all Python files (except for
tests)
- Use context managers for file handling wherever possible instead of
leaking open file descriptors.
- Improve defaults handling for SSL_CTX_new().
- Fix PGP tests to actually run
|
|
2.047 2017/02/16
- better fix for problem which 2.046 tried to fix but broke LWP this way
2.046 2017/02/15
- cleanup everything in DESTROY and make sure to start with a fresh %{*self}
in configure_SSL because it can happen that a GLOB gets used again without
calling DESTROY (https://github.com/noxxi/p5-io-socket-ssl/issues/56)
|
|
Upstream changes:
2016-10-20 12:09 osalaun_ur1
* trunk/META.yml, trunk/lib/AuthCAS.pm: Preparing version 1.7
2016-10-20 09:08 osalaun_ur1
* trunk/lib/AuthCAS.pm: Add encoding declaration in perl module.
Fix for this bug report:
https://rt.cpan.org/Ticket/Display.html?id=87241
|
|
2.045 2017/02/13
- fixed memory leak caused by not destroying CREATED_IN_THIS_THREAD for SSL
objects -> github pull#55
- optimization: don't track SSL objects and CTX in *CREATED_IN_THIS_THREAD
if perl is compiled w/o thread support
- small fix in t/protocol_version.t to use older versions of Net::SSLeay
with openssl build w/o SSLv3 support
- when setting SSL_keepSocketOnError to true the socket will not be closed
on fatal error. This is a modified version of
https://github.com/noxxi/p5-io-socket-ssl/pull/53/
|
|
Summary of upstream changelog:
bug fixes
many new ATRs
ATR_analysis: propose to submit the ATR if not known
We propose to submit the ATR at http://smartcard-atr.appspot.com/ when
the ATR is not found in the list.
The message is always displayed for an unknown ATR, not just after the
list has been updated.
ATR_analysis: correctly use wget to store the ATR list
|
|
1.4.26 - 7 January 2017, Ludovic Rousseau
- Add support of
. Bit4id Digital DNA Key
. Bit4id tokenME FIPS v3
. INGENICO Leo
. appidkey GmbH ID60-USB
- Add support of
- PowerOn: the default algorithm is now 5V then 1.8V then 3V then fail.
It is still possible to change the initial voltage in the
Info.plist file. Now, in any case, all the values are tried
before failing.
- Negociate maximum baud rate when bNumDataRatesSupported = 0
- Some minor improvements
1.4.25 - 30 September 2016, Ludovic Rousseau
- Add support of
. Aladdin R.D. JaCarta (idProduct: 0x0402)
. Broadcom Corp 5880 (idProduct: 0x5832)
. Broadcom Corp 5880 (idProduct: 0x5833)
. Broadcom Corp 5880 (idProduct: 0x5834)
. ESMART Token GOST X2 ET1020-A
. Feitian VR504 VHBR Contactless & Contact Card Reader
. Feitian bR500
. Gemalto K50
. appidkey GmbH ID100-USB SC Reader
. appidkey GmbH ID50 -USB
- Remove suport of
. Broadcom Corp 5880 (idProduct: 0x5800)
. Broadcom Corp 5880 (idProduct: 0x5805)
. KEBTechnology KONA USB SmartCard
- macOS: Fix composite device enumeration
- Fix crash with GemCore Pos Pro and GemCore Sim Pro
- Some minor improvements
1.4.24 - 22 May 2016, Ludovic Rousseau
- Add support of
. Generic USB Smart Card Reader
. Giesecke & Devrient GmbH StarSign CUT S
. HID AVIATOR Generic
- better support of Elatec TWN4 SmartCard NFC
- better support of SCM SCL011
- betetr support of HID Aviator generic
- fix SCARD_ATTR_VENDOR_IFD_SERIAL_NO attribute size
- fix a race condition on card events with multiple readers
- Some minor improvements
1.4.23 - 20 April 2016, Ludovic Rousseau
- Add support of
. ACS ACR3901U ICC Reader
. Alcor Micro AU9560
. Cherry SmartTerminal XX44
. HID Global OMNIKEY 3x21 Smart Card Reader
. HID Global OMNIKEY 5022 Smart Card Reader
. HID Global OMNIKEY 6121 Smart Card Reader
. IonIDe Smartcard Reader reader
. KACST HSID Reader
. KACST HSID Reader Dual Storage
. KACST HSID Reader Single Storage
- Remove support of
. VMware Virtual USB CCID
- Do NOT add support of
. DUALi DE-ABCM6
- Fix a busy loop consuming 100% of CPU for some composite USB devices
impacted readers: Yubico Yubikey NEO U2F+CCID and Broadcom BCM5880
- Remove support of (unused) option DRIVER_OPTION_RESET_ON_CLOSE
- log libusb error name instead of decimal value
- Some minor improvements
1.4.22 - 10 January 2016, Ludovic Rousseau
- Add support of
. Aktiv Rutoken PINPad 2
. Aladdin R.D. JC-WebPass (JC600)
. Aladdin R.D. JCR-770
. Aladdin R.D. JaCarta
. Aladdin R.D. JaCarta Flash
. Aladdin R.D. JaCarta LT
. Aladdin R.D. JaCarta U2F (JC602)
. Athena ASEDrive IIIe Combo Bio PIV
. Athena ASEDrive IIIe KB Bio PIV
. GEMALTO CT1100
. GEMALTO K1100
. Hitachi, Ltd. Hitachi Biometric Reader
. Hitachi, Ltd. Hitachi Portable Biometric Reader
. Nitrokey Nitrokey Storage
. THURSBY SOFTWARE TSS-PK1
. Thursby Software Systems, Inc. TSS-PK7
. Thursby Software Systems, Inc. TSS-PK8
- Patch for Microchip SEC1110 reader on Mac OS X (card events notification)
- Patch for Cherry KC 1000 SC (problem was with a T=1 card and case 2 APDU)
- Fix support of FEATURE_MCT_READER_DIRECT for the Kobil mIDentity
visual reader
- Set timeout to 90 sec for PPDU (Pseudo APDU) commands. This change
allows the use of a Secure Verify command sent as a PPDU through
SCardTransmit().
- Fix a crash when reader reader initialization failed
- Fix initialization bug with Gemalto Pinpad reader on Mac OS X
- Some minor bugs fixed
1.4.21 - 21 October 2015, Ludovic Rousseau
- Add support of
. ACS ACR1252 Dual Reader
. Chicony HP USB Smartcard CCID Keyboard JP
. Chicony HP USB Smartcard CCID Keyboard KR
. FT ePass2003Auto
. Feitian bR301 BLE
. Feitian iR301 (ProductID 0x0619)
. Feitian iR301 (ProductID 0x061C)
. Identiv @MAXX ID-1 Smart Card Reader
. Identiv @MAXX Light2 token
. Identiv CLOUD 2980 F Smart Card Reader
. Identiv Identiv uTrust 4701 F Dual Interface Reader
. Identiv SCR3500 A Contact Reader
. Identiv SCR3500 B Contact Reader
. Identiv SCR35xx USB Smart Card Reader
. Identiv uTrust 2900 R Smart Card Reader
. Identiv uTrust 2910 R Smart Card Reader
. Identiv uTrust 2910 R Taglio SC Reader
. Identiv uTrust 3512 SAM slot Token
. Identiv uTrust 3522 embd SE RFID Token
. Identiv uTrust 3700 F CL Reader
. Identiv uTrust 3701 F CL Reader
. Identive Identive CLOUD 4000 F DTC
. Liteon HP SC Keyboard - Apollo (Liteon)
. Liteon HP SC Keyboard - Apollo JP (Liteon)
. Liteon HP SC Keyboard - Apollo KR (Liteon)
. Nitrokey Nitrokey HSM
. Nitrokey Nitrokey Pro
. Nitrokey Nitrokey Start
. Rocketek RT-SCR1
. VASCO DIGIPASS 875
. WatchCNPC USB CCID Key
- Remove support of
. Crypto Stick Crypto Stick v1.4 is an old version of Nitrokey Nitrokey Pro
. Free Software Initiative of Japan Gnuk Token is an old version
of Nitrokey Nitrokey Start
- Add Feitain R502 dual interface (composite) reader on Mac OS X
- display a human readable version of the error code returned by
libusb
- Mac OS X: wait until libusb/the reader is ready
- some minor bugs fixed
|
|
1.8.20: Ludovic Rousseau
30 December 2016
- Fix a crash and potential security issue in pcscd
1.8.19: Ludovic Rousseau
9 December 2016
- SCardGetStatusChange(): Fix a (rare) race condition
- Doxygen:
. SCardGetStatusChange() may return SCARD_E_UNKNOWN_READER
. SCardConnect() and SCardReconnect() will never return SCARD_E_NOT_READY
- pcsc-spy:
. fix display of execution time
. log the thread number in the results
- Some other minor improvements
|
|
|
|
|
|
This is a tiny, auditable script that you can throw on your server to issue and
renew Let's Encrypt certificates. Since it has to be run on your server and
have access to your private Let's Encrypt account key, I tried to make it as
tiny as possible (currently less than 200 lines). The only prerequisites are
python and openssl.
Tested successfully on NetBSD 7.0.2 (i386).
"please import!" wiz@
|
|
|
|
FEATURES:
- Okta Authentication: A new Okta authentication backend allows you to use
Okta usernames and passwords to authenticate to Vault. If provided with an
appropriate Okta API token, group membership can be queried to assign
policies; users and groups can be defined locally as well.
- RADIUS Authentication: A new RADIUS authentication backend allows using
a RADIUS server to authenticate to Vault. Policies can be configured for
specific users or for any authenticated user.
- Exportable Transit Keys: Keys in `transit` can now be marked as
`exportable` at creation time. This allows a properly ACL'd user to retrieve
the associated signing key, encryption key, or HMAC key. The `exportable`
value is returned on a key policy read and cannot be changed, so if a key is
marked `exportable` it will always be exportable, and if it is not it will
never be exportable.
- Batch Transit Operations: `encrypt`, `decrypt` and `rewrap` operations
in the transit backend now support processing multiple input items in one
call, returning the output of each item in the response.
- Configurable Audited HTTP Headers: You can now specify headers that you
want to have included in each audit entry, along with whether each header
should be HMAC'd or kept plaintext. This can be useful for adding additional
client or network metadata to the audit logs.
- Transit Backend UI (Enterprise): Vault Enterprise UI now supports the transit
backend, allowing creation, viewing and editing of named keys as well as using
those keys to perform supported transit operations directly in the UI.
- Socket Audit Backend A new socket audit backend allows audit logs to be sent
through TCP, UDP, or UNIX Sockets.
IMPROVEMENTS:
- auth/aws-ec2: Add support for cross-account auth using STS
- auth/aws-ec2: Support issuing periodic tokens
- auth/github: Support listing teams and users
- auth/ldap: Support adding policies to local users directly, in addition to
local groups
- command/server: Add ability to select and prefer server cipher suites
- core: Add a nonce to unseal operations as a check (useful mostly for
support, not as a security principle)
- duo: Added ability to supply extra context to Duo pushes
- physical/consul: Add option for setting consistency mode on Consul gets
- physical/etcd: Full v3 API support; code will autodetect which API version
to use. The v3 code path is significantly less complicated and may be much
more stable.
- secret/pki: Allow specifying OU entries in generated certificate subjects
- secret mount ui (Enterprise): the secret mount list now shows all mounted
backends even if the UI cannot browse them. Additional backends can now be
mounted from the UI as well.
BUG FIXES:
- auth/token: Fix regression in 0.6.4 where using token store roles as a
blacklist (with only `disallowed_policies` set) would not work in most
circumstances
- physical/s3: Page responses in client so list doesn't truncate
- secret/cassandra: Stop a connection leak that could occur on active node
failover
- secret/pki: When using `sign-verbatim`, don't require a role and use the
CSR's common name
|
|
|
|
|
|
|