| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
18.0.0:
Backward-incompatible changes:
- The minimum cryptography version is now 2.2.1.
- Support for Python 2.6 has been dropped.
Changes:
- Added Connection.get_certificate to retrieve the local certificate.
- OpenSSL.SSL.Connection now sets SSL_MODE_AUTO_RETRY by default.
- Added Context.set_tlsext_use_srtp to enable negotiation of SRTP keying material.
|
|
Previously if `automake' was not available during the build,
patch-libsecret_Makefile.am was effectively not applied to the Makefile.
To avoid to depends on `automake' just directly patch the Makefile.in.
Should fix the problem reported by Mayuresh on pkgsrc-users@
regarding the use of dollar single quotes ($'...') (also if `automake' is not
available!).
|
|
This should fix the problem reported by Mayuresh via pkgsrc-users@:
<https://mail-index.NetBSD.org/pkgsrc-users/2018/05/20/msg026746.html>
No PKGREVISION bump since it should only fix the problem on platforms where the
shell does not support dollar single quotes (i.e. `$'...'').
Thanks to <youri> for testing this patch!
|
|
# Version 1.3.1
* Revert "pins: remove GlobalSign R1/R3 pins" from Robert Copeland
* Readme update from Wesley Schwengle
* Add Dockerfile to create a clean build environment from Wesley Schwengle
* Missing dependencies in readme
* Added CLion project files to ignore list
# Version 1.3.0
* `lpass show` now supports `--json` format
* `lpass show` now supports `--quiet` flag to suppress prompts,
from Pau Sanchez
* `lpass import` has `--keep-dupes` flag which will preserve duplicate
accounts on import
* `LPASS_PINENTRY` environment variable may now be used to set custom
path to pinentry, from Martynas Mickevičius
* Build fix for aarch64 and others from Natanael Copa
* New fish completions from Israel Chauca Fuentes
* Zsh completions from Richard Hillmann
* Brew build instructions updates from Roger D. Winans
* bugfix: site notes now show up in notes textarea instead of fields
* spelling fixes from Josh Soref
# Version 1.2.2
* `lpass ls --format` now supports "%al" to show URL, from Yikai Zhao
* $VISUAL can be used in preference to $EDITOR, from Wesley Schwengle
* `lpass edit` can now directly edit multiline ssh keys
* fields are now preserved when edited with `lpass edit`
* Bugfix: use-after-free in http.c fixed, from Björn Ketelaars
* Bugfix: command-line completion now works for names with spaces
* Bugfix: loading attachments from shared folders now works, from Spencer
Whyte
* Debian packing updates from Hannes Hörl
* Documentation updates from Darragh Grealish and Steven Liekens
|
|
- Remove last remainig crypto:rand_bytes() usage
|
|
- Don't check mtime of certificates, and make cerificate update explicit.
- Add ability to specify CA for accepting client certificates.
|
|
|
|
### Added
- certbot now has an enhance subcommand which allows you to configure
security enhancements like HTTP to HTTPS redirects, OCSP stapling,
and HSTS without reinstalling a certificate.
- certbot-dns-rfc2136 now allows the user to specify the port to use
to reach the DNS server in its credentials file.
- acme now parses the wildcard field included in authorizations so it
can be used by users of the library.
### Changed
- certbot-dns-route53 used to wait for each DNS update to propagate
before sending the next one, but now it sends all updates before
waiting which speeds up issuance for multiple domains dramatically.
- We've doubled the time Certbot will spend polling authorizations
before timing out.
- The level of the message logged when Certbot is being used with
non-standard paths warning that crontabs for renewal included in
Certbot packages from OS package managers may not work has been
reduced. This stops the message from being written to stderr every
time `certbot renew` runs.
### Fixed
- certbot-auto now works with Python 3.6.
|
|
Based on the previous default behave on NetBSD add bzip2 and zlib to the
suggested options. In the past gnupg2 automatically detected bzip2 and
zlib from the system and enabled these options also if no buildlink file
was present.
bzip2 and zlib still stay as options because if gnupg2 remote agent
forwarding is used both gnupg2 versions (local and remote) need to provide
the same compression options. This allow the user to build gnupg2 with or
without compression options if needed.
PKGREVISION bump because new suggested options might require an rebuild on
different operating systems if bzip2 and zlib was not accidentally detected
and enabled.
Reviewed by wiedi
|
|
|
|
* patch-lib_libpam_openpam__constants.c:
* comment it (make pkglint happy)
* fix OPENPAM_MODULES_DIR (avoid openpam loading basesystem modules)
* remove "CONFIGURE_ARGS+= --without-pam-su" (option not recognized by configure)
* change '_dep_' to 'dep' in builtin.mk (make pkglint happy)
* fix paths in manpages
Changes from upstream:
============================================================================
OpenPAM Resedacea 2017-04-30
- BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in
OpenPAM Radula, as it breaks common error-handling constructs.
- BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
dispatcher when the required service function could not be found.
- ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
NULL in API functions that have a NULL check.
- ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
PAM_BAD_CONSTANT error codes for situations where we previously
incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
had been passed to an API function.
- ENHANCE: Improve the RETURN VALUES section in API man pages,
especially for functions that cannot fail, which were incorrectly
documented as returning -1 on failure.
============================================================================
OpenPAM Radula 2017-02-19
- BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
pam_get_user(3) from using application-provided custom prompts.
- BUGFIX: Plug a memory leak in pam_set_item(3).
- BUGFIX: Plug a potential memory leak in openpam_readlinev(3).
- BUGFIX: In openpam_readword(3), support line continuations within
whitespace.
- ENHANCE: Add a feature flag to control fallback to "other" policy.
- ENHANCE: Add a pam_return(8) module which returns an arbitrary
code specified in the module options.
- ENHANCE: More and better unit tests.
|
|
drop polkitgtkmate library and its docs
Fix reshow/hide icon with statusnotifier
status-icon: don’t use stock icons
polkitmateauthenticationdialog: avoid deprecated GtkAlignment
polkitmateauthenticationdialog: replace a GTK_STOCK deprecation
Translations update
|
|
|
|
Port code that disables optimization on GCC to Clang/LLVM.
|
|
|
|
Changes since 1.0.5:
Version 1.06
* Add -P for overriding the password prompt we search for
* Add -v for verbose logging of the prompt detection prompt.
* Allow packagers and compilers to change the default password prompt.
* When giving -V, also print the default password prompt.
Also, add patch from FreeBSD to fix tty issue which prevents sshpass from
seeing the password prompt.
|
|
pkgsrc changes:
- Rename `xclip' PKG_OPTION to `x11' (and add a PKG_OPTIONS_LEGACY_OPTS
accordingly) and also depends on converters/base64 (needed by the `--clip'
option, like xclip) and qrencode (needed by the new `--qrcode' option).
- Add support for `test' target and adjust the part of the test suite for
gnupg>=2.2.5 via patches/patch-tests_t0300-reencryption.sh.
- sysutils/pwgen is no more needed, remove it from DEPENDS
(now `tr -dc '<characters>' < /dev/urandom' is used instead)
- Add patches/patch-contrib_dmenu_passmenu to fix `passmenu --type'
(at least xdotool-2.20110530.1 does not support any `--file' option used by
passmenu)
- Adjust PAX invocations in `do-install' target to ignore possible `*.orig'
and `.gitignore' files.
Changes
1.7.1
-----
== Bug Fixes ==
* Fix test suite on OS X
* Add compatibility with GnuPG 2.2.19
* Uniformly use the $GPG variable
* Do the correct thing with subkeys when reencrypting
1.7
---
== New Features ==
* Extensions: pass can now load user-defined extensions from a system
directory or a user directory. There's already a nice ecosystem of
extensions being built, even at this early stage. See the pass man page for
more information.
* Signatures: there is now an option to enforce signatures of the .gpg-id file
and extensions using an environment variable.
* QRCodes: generate and show have now learned the --qrcode/-q switch. Note to
package maintainers: this adds a dependency on the popular qrencode package.
* Password generation: rather than use pwgen, we now use /dev/urandom more
directly, which results in more assured password security, as well as
customizable character sets, via an environment variable. See the pass man
page for more information on this customization. Package maintainers: you
may now drop the dependency on pwgen.
* Importers: there now are several more importers. More and more folks are
moving to pass!
* Selectable clipping: you can now specify which line you wish to copy to the
clipboard or display with a qrcode when using -c or -q.
* Git discovery: The PASSWORD_STORE_GIT environment variable has been removed,
and instead pass will automatically choose the git repository closest to the
file being modified (but not out of the actual password store itself). This
should help people who like to nest git repos for different organizations.
* Bug fixes: too many to count.
== Note To Distros ==
* Drop the dependency of pwgen.
* Add the dependency of qrencode.
* The Makefile now does the right thing with DESTDIR, so you might want to
double check that your package recipe does the right thing.
* The semantics for auto-detection of bash completion has changed, with new
environment variables for such things. See INSTALL for details.
|
|
0.78 May 5, 2018
- Free master pty when the user calls disconnect (bug report
by Jaroslav Reindl, #rt125240).
|
|
My "make mps" and subsequent "cvs commit" didn't add this file
as it would "normally" have done...
|
|
|
|
changes in version 2.2.7:
* gpg: New option --no-symkey-cache to disable the passphrase cache
for symmetrical en- and decryption.
* gpg: The ERRSIG status now prints the fingerprint if that is part
of the signature.
* gpg: Relax emitting of FAILURE status lines
* gpg: Add a status flag to "sig" lines printed with --list-sigs.
* gpg: Fix "Too many open files" when using --multifile.
* ssh: Return an error for unknown ssh-agent flags.
* dirmngr: Fix a regression since 2.1.16 which caused corrupted CRL
caches under Windows.
* dirmngr: Fix a CNAME problem with pools and TLS. Also use a fixed
mapping of keys.gnupg.net to sks-keyservers.net.
* dirmngr: Try resurrecting dead hosts earlier (from 3 to 1.5 hours).
* dirmngr: Fallback to CRL if no default OCSP responder is configured.
* dirmngr: Implement CRL fetching via https. Here a redirection to
http is explictly allowed.
* dirmngr: Make LDAP searching and CRL fetching work under Windows.
This stopped working with 2.1.
* agent,dirmngr: New sub-command "getenv" for "getinfo" to ease
debugging.
|
|
changes in version 1.31:
* Fixes another problem with gpgrt_poll under Windows.
* New translation for Spanish.
|
|
|
|
Ruby Gem for RFC 3610 - Counter with CBC-MAC (CCM).
|
|
|
|
6.02 Fri Apr 20 16:25:30 MST 2018
- silenced compiler warnings from VS2017
-- ref. rt.cpan.org #124477
-- thanks to Sergey Aleynikov for diagnostics
- modified addfile to return error when given a directory name
-- makes behavior consistent with GNU coreutils shaXsum
-- thanks to Scott Baker for pointing this out
|
|
0.060 2018-05-01
- bundled libtomcrypt update
- Math::BigInt::LTM - remove buggy tests failing with the latest Math::BigInt
- basically no changes to the perl modules
|
|
0.15 2018-04-22 rurban
- fix mingw hints for pkg-config support (akiym, PR #7)
|
|
0.30 Tue May 1 2018
- Working windows library detection
- Actively testing on appveyor for windows now.
- work correctly on LibreSSL
0.29_03 Mon Apr 16 2018
- Add whirlpool hash support.
- Crypt::OpenSSL::Random is now required at comnpile-time.
- Use the new interface to RSA_generate_key if available
- Add library paths to LIBS from Crypt::OpenSSL::Guess
|
|
Make sure python requires matches dependencies, to keep pip happy.
|
|
|
|
Fixes build on -current after patch-lib_ASN1.y was added.
|
|
Remove hack for DragonFly/i386, DragonFly is 64-bit only nowadays.
Noteworthy changes in version 1.30 (2018-04-30) [C24/A24/R1]
-----------------------------------------------
* Fix for a hang on Windows when using gpgrt_poll under nPth.
* Build fix for Solaris. [#3869]
|
|
0.30.1:
- Fix packaging (missed packaging testing file)
|
|
|
|
Pointed by wiz@, thank you.
|
|
* From Fedora's xml-security-c-1.7.3_openssl1.1.patch
* Use OpenSSL 1.1 with BUILDLINK_API_DEPENDS
|
|
|
|
|
|
--------------
polkit 0.114
--------------
WARNING WARNING WARNING: This is a prerelease on the road to polkit
1.0. Public API might change and certain parts of the code still needs
some security review. Use at your own risk.
This is polkit 0.114.
Highlights:
Port to mozjs 52, the latest version of the firefox JavaScript engine.
Add gettext support for policy files
Fixes for various memory leaks
Build requirements
glib, gobject, gio >= 2.32
mozjs-52
gobject-introspection >= 0.6.2 (optional)
pam (optional)
ConsoleKit OR systemd
Changes since polkit 0.113:
Anders Jonsson (2):
pkcheck: fix man typos
Add Swedish translation
Antoine Jacoutot (1):
Add support for OpenBSD
Christian Kirbach (1):
Add German translation
Colin Walters (3):
build: Pull in GCC warning infra from ostree
build: Use AC_USE_SYSTEM_EXTENSIONS
tests: Correct boundary test for overflow
Dariusz Gadomski (2):
Fix multi-line pam text info.
Refactor send_to_helper usage
Gabor Kelemen (1):
Add initial Hungarian translation, and add hu to LINGUAS
Jeremy Linton (5):
change mozjs interface module to c++
Switch to hard requiring mozjs24
Fix warnings caused by building with C++
Replace autocompartment
test: Add a test case to handle actions without explicit rules
Jiří Klimeš (1):
trivial: fix deprecated indication for polkit_agent_register_listener()
Matthias Clasen (1):
Add gettext support for .policy files
Miloslav Trmač (21):
Post-release version bump to 0.114
Consistently use HAVE_NETGROUP_H instead of HAVE_OPENBSD
Fix a memory leak of PolkitAgentListener's Server object
Remove polkitbackendconfigsource.[ch]
Add Slovak translation by Dusan Kazik <prescott66@gmail.com>
Add Indonesian translation by Andika Triwidada
Add Chinese (Taiwan) translation
Fix a typo in polkit(8)
Simplify GVariant reference counting
Fix a memory leak on an error path of lookup_asv (twice)
Fix a memory leak in server_handle_register_authentication_agent_with_options
Fix a memory leak in server_handle_unregister_authentication_agent
Fix a memory leak in server_handle_authentication_agent_response{,2}
Fix memory leaks in server_handle_*_temporary_authorizations
Fix error handling in polkit_authority_enumerate_temporary_authorizations_finish
Fix a memory leak per agent authentication
Fix a memory leak on agent authentication cancellation
Audit and fix GVariant reference counting
Fix help for (pkttyagent -s)
Fix a race condition when terminating runaway_killer_thread
Move to current GLib
Mingye Wang (Arthur2e5) (1):
Add zh_CN translation
Muhammet Kara (1):
Added Turkish translation
OBATA Akio (1):
Add support for NetBSD
Peter Hutterer (1):
gettext: switch to default-translate "no"
Philip Withnall (3):
polkit: Add g_autoptr() support for GObject-derived polkit types
data: Set GIO_USE_VFS=local in the environment
polkitbackend: Fix typos in a couple of initialisation error messages
Piotr Drąg (1):
Add Polish translation
Rafael Fontenelle (1):
Add Brazilian Portuguese translation
Ray Strode (34):
configure: bump mozjs requirement to 52
jsauthority: fix how classes are defined
jsauthority: use JS_FN instead of JS_FS
jsauthority: get rid of JSRuntime
jsauthority: change how setVersion is called
jsauthority: call JS_Init
jsauthority: call JS_InitSelfHostedCode
jsauthority: change how JIT is disabled
jsauthority: JS::SetWarningReporter instead of JS_SetErrorReporter
jsauthority: add UTF8 suffix to renamed functions
jsauthority: pass "%s" format string to report functions
jsauthority: s/JSBool/bool/
jsauthority: s/jsval/JS::Value/
jsauthority: s/JSVAL_NULL/JS::NullValue()/
jsauthority: s/JSVAL_VOID/JS::UndefinedValue()/
jsauthority: s/OBJECT_TO_JSVAL/JS::ObjectValue/
jsauthority: s/STRING_TO_JSVAL/JS::StringValue/
jsauthority: s/BOOLEAN_TO_JSVAL/JS::BooleanValue/
jsauthority: JSVAL_TO_OBJECT (o) to o.toObjectOrNull()
jsauthority: JSVAL_TO_STRING (s) to s.toString()
jsauthority: JSVAL_IS_STRING (s) to s.isString()
jsauthority: JSVAL_IS_NULL (o) to o.isNull()
jsauthority: Fix up JS_CallFunctionName invocations
jsauthority: use InterruptCallback api instead of OperationCallback
jsauthority: redo how global objects are set up
jsauthority: root some locals to the context
jsauthority: adapt arguments for new JS::Compile API
jsauthority: adapt arguments for new JS_ExecuteScript API
jsauthority: use JS::Evaluate instead of JS_EvaluateScript
jsauthority: fix up set_property methods
jsauthority: stop using JS_GetStringCharsZ
jsauthority: switch from JS_ConvertArguments to JS::CallArgsFromVp
jsauthority: re-enable JIT
Port JavaScript authority to mozjs52
Rui Matos (1):
polkitpermission: Fix a memory leak on authority changes
Sebastien Bacher (1):
Support polkit session agent running outside user session
Stef Walter (2):
polkitagent: Fix access after dereference on hashtable
polkitagent: No double warnings in polkit_agent_listener_register()
Sven Eden (1):
configure: enable elogind support in PolicyKit
Yuri Chornoivan (1):
Add Ukrainian translation
enkore (1):
Fix abnomal formatting of authentication header lines
muzena (1):
Add hr.po
Thanks to our contributors.
Colin Walters and Miloslav Trmač,
April 2, 2017
|
|
Otherwise on Solaris it finds a really old builtin gmp and fails.
|
|
|
|
No changelog found, assuming update to latest mozilla certs.
|
|
DEPRECATIONS/CHANGES:
- `vault kv` and Vault versions: In 0.10.1 some issues with `vault kv` against
v1 K/V engine mounts are fixed. However, using 0.10.1 for both the server
and CLI versions is required.
- Mount information visibility: Users that have access to any path within a
mount can now see information about that mount, such as its type and
options, via some API calls.
- Identity and Local Mounts: Local mounts would allow creating Identity
entities but these would not be able to be used successfully (even locally)
in replicated scenarios. We have now disallowed entities and groups from
being created for local mounts in the first place.
FEATURES:
- X-Forwarded-For support: `X-Forwarded-For` headers can now be used to set the
client IP seen by Vault. See the TCP listener configuration
page for details.
- CIDR IP Binding for Tokens: Tokens now support being bound to specific
CIDR(s) for usage. Currently this is implemented in Token Roles; usage can be
expanded to other authentication backends over time.
- `vault kv patch` command: A new `kv patch` helper command that allows
modifying only some values in existing data at a K/V path, but uses
check-and-set to ensure that this modification happens safely.
- AppRole Local Secret IDs: Roles can now be configured to generate secret IDs
local to the cluster. This enables performance secondaries to generate and
consume secret IDs without contacting the primary.
- AES-GCM Support for PKCS#11 [BETA] (Enterprise): For supporting HSMs,
AES-GCM can now be used in lieu of AES-CBC/HMAC-SHA256. This has currently
only been fully tested on AWS CloudHSM.
- Auto Unseal/Seal Wrap Key Rotation Support (Enterprise): Auto Unseal
mechanisms, including PKCS#11 HSMs, now support rotation of encryption keys,
and migration between key and encryption types, such as from AES-CBC to
AES-GCM, can be performed at the same time (where supported).
IMPROVEMENTS:
- auth/approle: Support for cluster local secret IDs. This enables secondaries
to generate secret IDs without contacting the primary
- auth/token: Add to the token lookup response, the policies inherited due to
identity associations
- auth/token: Add CIDR binding to token roles
- cli: Add `vault kv patch`
- core: Add X-Forwarded-For support
- core: Add token CIDR-binding support
- identity: Add the ability to disable an entity. Disabling an entity does not
revoke associated tokens, but while the entity is disabled they cannot be
used.
- physical/consul: Allow tuning of session TTL and lock wait time
- replication: Dynamically adjust WAL cleanup over a period of time based on
the rate of writes committed
- secret/ssh: Update dynamic key install script to use shell locking to avoid
concurrent modifications
- ui: Access to `sys/mounts` is no longer needed to use the UI - the list of
engines will show you the ones you implicitly have access to (because you have
access to to secrets in those engines)
BUG FIXES:
- cli: Fix `vault kv` backwards compatibility with KV v1 engine mounts
- identity: Persist entity memberships in external identity groups across
mounts
- identity: Fix error preventing authentication using local mounts on
performance secondary replication clusters
- replication: Fix issue causing secondaries to not connect properly to a
pre-0.10 primary until the primary was upgraded
- secret/gcp: Fix panic on rollback when a roleset wasn't created properly
- secret/gcp: Fix panic on renewal
- ui: Fix IE11 form submissions in a few parts of the application
- ui: Fix IE file saving on policy pages and init screens
- ui: Fixed an issue where the AWS secret backend would show the wrong menu
- ui: Fixed an issue where policies with commas would not render in the
interface properly
- ui: Corrected the saving of mount tune ttls for auth methods
- ui: Credentials generation no longer checks capabilities before making
api calls. This should fix needing "update" capabilites to read IAM
credentials in the AWS secrets engine
|
|
0.30.0:
- Various small typos (Windows builds, Fix SSL.Connection.__del__)
- The project is now Linux-distribution agnostic
- Replace all old-style classes with the new ones (it shouldn't cause
any problems, but feel free to file an issue, if it does)
- Do not by-pass a potential transfer decoding in m2urllib2
- Update M2Crypto.six with 1.11.0 and replace our local workarounds with
new functions.
- SSLv3 just removed.
- Don't support Python 2.6 on Windows anymore. Windows users don't have
python as a system package, so they are usually more likely to upgrade
anyway.
|
|
Upstream changes:
1.04 Fri Apr 20 16:25:30 MST 2018
- silenced compiler warnings from VS2017
-- ref. rt.cpan.org #124477
-- thanks to Sergey Aleynikov for diagnostics
- modified addfile to return error when given a directory name
-- makes behavior consistent with GNU coreutils shaXsum
-- thanks to Scott Baker for pointing this out
|
|
|
|
Noted by Patrick Welche.
|
|
Add missing DEPENDS
Upstream changes:
0.14 2018-04-17 rurban
- add library paths to LIBS from Crypt::OpenSSL::Guess (akiym, PR #6)
0.13 2018-04-14 rurban
- move Crypt::OpenSSL::Guess to configure dependency. (grinnz, PR #4)
0.12 2018-04-13 rurban
- use Crypt::OpenSSL::Guess to resolve OpenSSL include path,
fixes MacOS's homebrew OpenSSL installation problem. (akiym, PR #3)
|
|
|
