| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
the package needs an update.
|
|
|
|
|
|
|
|
running with ABI=32 on a 64-bit native host.
|
|
Bump PKGREVISION as this removes dirmngr_ldap from default PLIST.
|
|
|
|
Upstream changes:
[Changes for 0.79 - Mon May 18 23:02:11 CST 2015]
* Restore "cpansign --skip" functionality.
Contributed by: CLOOS
[Changes for 0.78 - Thu Apr 9 16:58:27 CST 2015]
* Fix verify() use from cpanm and CPAN.pm.
Contributed by: ANDK
[Changes for 0.77 - Wed Apr 8 19:36:50 CST 2015]
* Include the latest public keys of PAUSE, ANDK and AUDREYT.
* Clarify scripts/cpansign copyright to CC0.
Reported by: @pghmcfc
[Changes for 0.76 - Wed Apr 8 18:05:48 CST 2015]
* Fix signature tests by defaulting to verify(skip=>1)
when $ENV{TEST_SIGNATURE} is true.
Reported by: @pghmcfc
[Changes for 0.75 - Tue Apr 7 04:56:09 CST 2015]
Two more issues reported by John Lightsey:
* Update ChangeLog.
* More protection of @INC from relative paths.
Fix various issues reported by John Lightsey:
[Changes for 0.74 - Tue Apr 7 02:39:14 CST 2015]
Fix various issues reported by John Lightsey:
* Fix GPG signature parsing logic.
* MANIFEST.SKIP is no longer consulted unless --skip is given.
* Properly use open() modes to avoid injection attacks.
|
|
is not, from what I can tell by building and using (also from the repo),
broken under py3x. Therefore, dependencies marked as broken under py3x due to
paramiko will be unmarked (unless they are broken for lack of py3x support).
From sites/www/changelog.rst:
:support:`554 backported` Fix inaccuracies in the docstring for the ECDSA key class. Thanks to Jared Hance for the patch.
:support:`516 backported` Document ~paramiko.agent.AgentRequestHandler. Thanks to @toejough for report & suggestions.
:bug:`496` Fix a handful of small but critical bugs in Paramiko's GSSAPI support (note: this includes switching from PyCrypo's Random to os.urandom). Thanks to Anselm Kruis for catch & patch.
:bug:`491` (combines :issue:`62` and :issue:`439`) Implement timeout functionality to address hangs from dropped network connections and/or failed handshakes. Credit to @vazir and @dacut for the original patches and to Olle Lundberg for reimplementation.
:bug:`490` Skip invalid/unparseable lines in known_hosts files, instead of raising ~paramiko.ssh_exception.SSHException. This brings Paramiko's behavior more in line with OpenSSH, which silently ignores such input. Catch & patch courtesy of Martin Topholm.
:bug:`404` Print details when displaying ~paramiko.ssh_exception.BadHostKeyException objects (expected vs received data) instead of just "hey shit broke". Patch credit: Loic Dachary.
:bug:`469` (also :issue:`488`, :issue:`461` and like a dozen others) Fix a typo introduced in the 1.15 release which broke WinPageant support. Thanks to everyone who submitted patches, and to Steve Cohen who was the lucky winner of the cherry-pick lottery.
:bug:`353` (via :issue:`482`) Fix a bug introduced in the Python 3 port which caused OverFlowError (and other symptoms) in SFTP functionality. Thanks to @dboreham for leading the troubleshooting charge, and to Scott Maxwell for the final patch.
:support:`582` Fix some old setup.py related helper code which was breaking bdist_dumb on Mac OS X. Thanks to Peter Odding for the patch.
:bug:`22 major` Try harder to connect to multiple network families (e.g. IPv4 vs IPv6) in case of connection issues; this helps with problems such as hosts which resolve both IPv4 and IPv6 addresses but are only listening on IPv4. Thanks to Dries Desmet for original report and Torsten Landschoff for the foundational patchset.
:bug:`402` Check to see if an SSH agent is actually present before trying to forward it to the remote end. This replaces what was usually a useless TypeError with a human-readable ~paramiko.ssh_exception.AuthenticationException. Credit to Ken Jordan for the fix and Yvan Marques for original report.
|
|
|
|
Add LICENSE
Upstream changes:
Revision 1.64 2014/09/18 12:21:25 ashish
- Applied Fix for RT 68339 (thanks to Todd Rinaldo)
|
|
Changes since 20150919:
+ fixed minor bug in BN_rand() function - used field wasn't set
+ added BN_gcd() function
+ added translation layer in header file, so that library
can be called as a BIGNUM/BN_* replacement if USE_BN_INTERFACE
is defined at compile-time
|
|
2.020 2015/09/20
- support multiple directories in SSL_ca_path as proposed in RT#106711
by dr1027[AT]evocat[DOT]ne. Directories can be given as array or as string
with a path separator, see documentation.
- typos fixed thanks to jwilk https://github.com/noxxi/p5-io-socket-ssl/pull/34
|
|
1.72 2015-09-22
Fixed a problem where SvPVx_nolen was undefined in some versions of
perl. Reported by Karen Etheridge. Replaced with SvPV_nolen.
Fixed a cast warning on Darwin reported by Karen Etheridge.
1.71 2015-09-18
Patch from Ben Kaduk: Conditionalise support for MD4, MD5.
Added support for linking libraries in /usr/local/lib64 for some flavours
of Linux like RH Tikanga.
Fixes to X509_check_host, X509_check_ip, SSL_CTX_set_alpn_protos, and
SSL_set_alpn_protos so they will compile on MSVC and AIX cc. Thanks to
AGRUNDMA.
Fixed typos in documentation for X509_NAME_new and X509_NAME_hash
incorrect version 1.45 instead of 1.55 given.
Version number in META.yml is now quoted per request from Satoshi Yagi.
|
|
Noteworthy changes in version 0.9.6 (2015-09-10)
------------------------------------------------
* Many improvements for the dump tty pinentry.
* Use the standard GTK+-2 text entry widget instead of our outdated
and back-then-it-was-more-secure text widget.
* Use the standard Qt text widget.
* Allow for building a static Qt variant.
* Fix regression in w32 pinentry.
|
|
|
|
|
|
|
|
Avoid using rubyforge.org since it stopped most of services.
|
|
|
|
Allow any number of retries, instead of only up to 3.
Add ruser option, to authenticate as PAM_RUSER instead of PAM_USER,
to allow applications such as 'su' to authenticate as the real user.
Patch from David Mitchell.
Add 'localifdown' option.
|
|
version 20150919
Changes:
+ get rid of unnecessary header inclusion (sys/syslog.h), which gives
problems on HP/UX and is unused
from Tobias Nygren
|
|
And this package does not have header/library files.
|
|
* Do not abuse buildlink3.
* Use GnuPG 2.0 explicitly.
|
|
PERL5_MODULE_TYPE= Module::Install::Bundled
in the hope it fixes PR 50254.
While here, remove API depends line that's lower than what's in
openssl/bl3.mk.
|
|
|
|
|
|
|
|
----------------
* Version 3.3.18 (released 2015-09-12)
** libgnutls: When re-importing CRLs to a trust list ensure that there
no duplicate entries.
** certtool: Removed any arbitrary limits imposed on input file sizes
and maximum number of certificates imported.
** API and ABI modifications:
No changes since last version.
|
|
|
|
functions on Solaris. Check privileges for mlock use on Solaris before
trying to lock the resource buffer.
|
|
|
|
|
|
|
|
Changes since previous version (20150901)
+ Apparently, OS X 10.4 does not have an implementation of le32dec().
Instead, unroll the inline function.
Bug report from Sevan - thanks!
|
|
Added:
C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT
C=DE, O=Deutscher Sparkassen Verlag GmbH, OU=S-TRUST Certification Services, \
CN=S-TRUST Universal Root CA
C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA
C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3
C=TR, L=Ankara, \
O=T?RKTRUST Bilgi ?leti?im ve Bili?im G?venli?i Hizmetleri A.?., \
CN=T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s? H5
C=TR, L=Ankara, \
O=T?RKTRUST Bilgi ?leti?im ve Bili?im G?venli?i Hizmetleri A.?., \
CN=T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s? H6
C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, \
OU=(c) 2009 Entrust, Inc. - for authorized use only, \
CN=Entrust Root Certification Authority - G2
C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, \
OU=(c) 2012 Entrust, Inc. - for authorized use only, \
CN=Entrust Root Certification Authority - EC1
C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1
Removed:
C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 2 CA, \
CN=TC TrustCenter Class 2 CA II
C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, \
CN=TC TrustCenter Universal CA I
C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 1
C=TR, O=Elektronik Bilgi Guvenligi A.S., \
CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
CN=SG TRUST SERVICES RACINE, OU=0002 43525289500022, O=SG TRUST SERVICES, C=FR
CN=T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s?, C=TR, L=ANKARA, \
O=(c) 2005 T?RKTRUST Bilgi ?leti?im ve Bili?im G?venli?i Hizmetleri A.?.
|
|
The new distfile has a bad name and doesn't have the auto* generated
files. Given that it's on github, these issues are not likely to be
fixed. There has been no upstream release since 2008, so there's
really no point in dealing with that until there is. For now, just
use MASTER_SITE_BACKUP to avoid the old URL giving errors.
|
|
|
|
version 1.0.3
- clarify documentation of oauth_curl
- fix possible memleak in oauth_curl (only relevant if an error occurs)
- fix TOCTOU in oauth_curl_post_file: the file may change between stat() and fopen()
version 1.0.2
- fix typos in documentation
- add xfree, xstrdup patch from Kedar Sovani
- prepare repository migration to github
- built-in sha1 support big&little endian
- (no changes to the actual library API or ABI)
version 1.0.1
- do not url-escape RSA-key for signature
version 1.0.0
- fix body-hash example code
- mark all oauth_http functions as deprecated
- freeze interface definitions for good
- enter maintenance/bug-fix only cycle
version 0.9.7
- fixed tiny memory leak when oauth_curl_get() fails
- fixed double-encoding of plaintext signature
version 0.9.6
- fixed typo, do not print a separator before first parameter
when serializing url for auth-header.
version 0.9.5
- added "built-in" hmac-sha1 hashing (no RSA).
- added some CURL options available via enviroment variables
- fixed issue with decoding already encoded characters
in the base-URL (not parameters).
reported by L. Alberto Gimenez
|
|
|
|
|
|
While here, clean up patches. They looked pretty cargo-culty to me and
were not commented.
File a bug report for one of the remaining ones and link to it from comment.
Changes in 2.0.29:
Noteworthy changes in version 2.0.29 (2015-09-08)
-------------------------------------------------
* gpg: Print a PGP-2 fingerprint again instead of a row of "0".
* gpg: Fixed a race condition from multiple several "gpg --verify".
* gpg: Print FAILURE status lines to help GPGME.
* gpgsm: Fixed a regression in CSR generation.
* scdaemon: Fixed problems with some pinpads.
* Fixed a few other bugs.
|
|
Noteworthy changes in version 1.6.4 (2015-09-08) [C20/A0/R4]
------------------------------------------------
* Speed up the random number generator by requiring less extra
seeding.
* New flag "no-keytest" for ECC key generation. Due to a bug in the
parser that flag will also be accepted but ignored by older version
of Libgcrypt.
* Always verify a created RSA signature to avoid private key leaks
due to hardware failures.
* Fix alignment bug in the AESNI code on Windows > 7.
* Support FreeBSD 10 and later.
* Other minor bug fixes.
|
|
Update HOMEPAGE. Set LICENSE.
0.28 2013/06/21
* No significant change. Maintenance purpose only.
0.27 2010/08/12
* Adding Camellia defined in RFC 5581.
"Stefan H. Holek" <stefan>
* Notation name is always text.
Risko Gergely <gergely>
|
|
|
|
install new bash completion files, given a lack of pkgsrc doctrine for
where they go.
New in 0.15.0; 2015-05-11
* new card drivers
AzeDIT 3.5
IsoApplet
MaskTech
* libopensc
allow extended length APDUs
accept no output for 'SELECT' MF and 'SELECT' DF_NAME APDUs
fixed sc_driver_version check
adjusted send/receive size accoriding to card capabilities
in iso7816 make SELECT agnosting to sc_path_t's aid
* asn1
support multi-bytes tags
* pkcs15
reviewed support and tool functions for public key
public certs and pubkeys with an auth_id are treated as private
* pkcs11
introduced default PKCS#11 provider
fetched real value of CKA_LOCAL for pubkey
removed inconsistent attributes
C_Digest issues
no check if buffer too small before update
* added support for Travis CI
* updated support of EC in libopensc, pkcs15 and pkcs11
* fixed number of warnings, resource leaks, overity-scan issues
* macosx
target minimum OSX version to 10.7
update the minimal building instructions.
locate and target the latest SDK to build against.
locate the best newest SDK present on the computer.
* build
disable Secure Messaging if OpenSSL is not used
* tools
util_get_pin helper function
* PIV
Add AES support for PIV General Authenticate
fixed invalid bit when writing PIV certificate object with gzipped certificate
fixed bad caching behavior of PIV PKCS15 emulator
* ePass2003
fixed failure due to re-authenticate of secure messaging when card is accessed
by multiple PKCS11 sessions
* MyEID
EC support for MyEID-v4 card
* openpgp
extended options for openpgp-tool
* asepcos
fixed puk handling
* sc-hsm
support for Koblitz curves secp192k1 and secp256k1 (Bitcoin)
improved error detection and reporting in sc-hsm-tool
fixed Lc byte in VERIFY PIN block for PC/SC PIN PAD reader
fix certificate delete bug
* IAS/ECC
fixed PKCS#11 compliance issues
support for Morpho IAS Agent Card
* cardos
overwrite content of deleted private key
* win32
setup improuvement
look & feel
custom actions with card registration
minidriver impouvement
fixed errors and warnings returned by Microsoft quality tool
pin-pad support
New in 0.14.0; 2014-05-31
* new card driver DNIe
* extended existing drivers by support of
Swedish eID card (gemsafeV1)
EstEID 3.5 (mcrd)
* bogus javacard driver removed
* build
return to the standard use of 'autoconf'
CI specific bootstrap script: git commit stamp for the built packages
windows friendly compile settings
fixed a ton of compiler warnings
fence against using EVP_sha256 mech
debian packaging templates
compile without OpenSSL and without SM
enable compiler warnings by default
win32
add 'VarFileInfo' block to version-info
include to MSI package 'openpgp-tool.exe'
'version-info' resource for each target
* macOSX
"graphical uninstaller" to distribution DMG
update package building to modern tools
new tool and SDK paths for OS X 10.8
improved opensc-installer from distribution
osx: target 10.9 (a free upgrade to anyone using 10.6+) from now on
build 'fat' binaries i386
* common
added getpass implementation for non windows
* libopensc
allow for the pin to be entered on the keypad during issuing
introduce 'encoded-content' to the sc_file data
general usage method to allocate generalized time
* minidriver
implemented 'CardChangeAuthenticator', 'CardGetChallenge' and 'CardUnblockPin'
improved management of GUID
use reader pin pad if available and allowed
configuration options for
compose GUID
refuse create container mechanism
add registers file for feitian cards
fixed
return code in 'CardGetContainerInfo'
returned 'tries-left' for blocked card
length of stripped data in RSADecrypt
* pkcs#11
bind non-recognized card, generic 'init-token' procedure
fixed
CKA_VALUE of 'public-key' object
fix ASN1 encoding issues
PIN-NOT-INITIALIZED for the non-user PINs
buffers overflow
segfault due to the undefined 'application-file'
* pkcs15
'direct' public key in PuKDF encoding
implement SPKI public key encoding
include and maintain minidriver framework data: cmap-record, md-flags, GUID, ..
fixed
encoding of 'SubjectPublicKeyInfo'
DER encoding of 'issuer' and 'subject'
PIN validation in 'pkcs15-verify'
public key algorithm
ECC public key encoding
ECC ecpointQ
* pkcs15init
introduce 'max-unblocks' PIN init parameter
keep cert. blob in cert-info data
file 'content' and 'prop-attrs' in the card profile
in profile more AC operations are parsed
fixed
NULL pointer dereference error
NULL 'store-key' handle
ignore if no TokenInfo file to update
set EC pubkey parameters from init data
* reader-pcsc
fixed
implicit pin modification
pin checking when implicitly given
verify/modify pinpad commands
* SM
common SM 'increase-sequence-counter' procedure
move SM APDU procedures to dedicated source file
move SM common crypto procedures to the dedicated library
* doc
documentation for --list-token-slots
* default driver
do not send possibly arbitrary APDU-s to an unknown card.
by default 'default' card driver is disabled
* sc-hsm
Added support for
persistent EC public keys generated from certificate signing requests
token label to be set via C_InitToken or sc-hsm-tool
unblock PIN using C_InitPIN()
initialize EC key params
fixed
bug that prevents a newly generated 2048 key to show up at the PKCS#11 interface
bug when changing SO-PIN with opensc-explorer sc-hsm-tool
memory checking and removed warning
problem deleting CA certificates sc-hsm
public key format returned when generating ECC keys
sc-hsm-tool
better error handling for non-SmartCard-HSM cards
support for DKEK password sharing scheme
threshold scheme parameters to manpage
crash on Windows when --wrap-key frees memory allocated in opensc.dll
* ias
simplify the compute signature operation
* PIV
use SPKI encoding for public key data
extract public key from cert if no object on card
fix
segfault and valgrind issue
gen_key to expect the proper PIV Key references
* CardOS
build for Windows
use information from AlgorithmInfo
supported CardOS V5.0
* epass2003
key generation allows stricter privkey/pubkey ACLs
list_files implemented
properly disable padding
allow exponents other than 65537
* myeid
fixed file-id in myeid.profile
* entersafe
fix a bug when writing public key
* EstEID
match card only based on presence of application.
* pteid
do not call the iso7816 driver get_response operation
* myeid
support of EC key is broken
|
|
1.4.24 - 7 August 2015, Ludovic ROUSSEAU
- 253 new ATRs
- ATR_analysis: better update of the local cache
1.4.23 - 13 September 2014, Ludovic ROUSSEAU
- 137 new ATRs
|
|
1.8.14: Ludovic Rousseau
5 August 2015
- Threading: lock the PC/SC context in a safe way
- Threading: lock the card context in a safe way
- SCardGetStatusChange(): fix card movement rare bug
- Doxygen:
. SCardTransmit() may return SCARD_E_INSUFFICIENT_BUFFER
. SCardEndTransaction() The disposition IS used and the dwDisposition
parameter HAS an effect.
. SCardReconnect() do not release locks
. fix typos
- Move the source code repository from subversion to git
- Use asprintf(3) instead of strlcat(3) and strlcpy(3)
- Allow to use pcscd in a remote session (polkit issue)
- Some other minor improvements and bug corrections
pcsc-lite-1.8.13: Ludovic Rousseau
7 November 2014
- fix a systemd + libudev hotplug bug introduced in version 1.8.12.
The list of readers was not (yet) available just after the start of pcscd
- Make the license more 3-clause BSD like
- fix a rare race condition in the (non default) libusb hotplug
- Some other minor improvements and bug corrections
|
|
1.4.20 - 5 August 2015, Ludovic Rousseau
- Add support of
. ACS ACR1251 Dual Reader
. Access IS NFC Smart Module
. BIFIT iToken
. BLUTRONICS BLUDRIVE II CCID (idProduct: 0x1079)
. Generic MultiCard Device
. NXP Pegoda 2 N
. SafeNet eToken 5100
. SafeNet eToken 7300
. Yubico Yubikey 4 CCID
. Yubico Yubikey 4 OTP+CCID
. Yubico Yubikey 4 OTP+U2F+CCID
. Yubico Yubikey 4 U2F+CCID
- Depends on libusb version 1.0.9 instead of 1.0.8
- The O2 Micro Oz776 reader only supports 9600 bps
- Change installation directory for Mac OS X El Capitan 10.11
1.4.19 - 13 May 2014, Ludovic Rousseau
- Add support of
. AK910 CKey (idProduct 0x0001)
. AK910 CKey (idProduct 0x0011)
. AK910 IDONE
. Broadcom Corp 5880 (idProduct: 0x5804)
. CASTLES EZCCID Smart Card Reader
. Cherry KC 1000 SC
. Cherry KC 1000 SC Z
. Cherry KC 1000 SC/DI
. Cherry KC 1000 SC/DI Z
. Cherry TC 1300
. Chicony USB Smart Card Keyboard
. Elatec TWN4 SmartCard NFC
. Feitian 502-CL
. Feitian eJAVA Token
. FujitsuTechnologySolutions GmbH Keyboard KB100 SCR
. FujitsuTechnologySolutions GmbH Keyboard KB100 SCR eSIG
. Hewlett-Packard HP lt4112 Gobi 4G Module
. Identive SCT3522CC token
. OMNIKEY AG 6121 USB mobile
. PIVKey T800
. REINER SCT tanJack Bluetooth
. Watchdata USB Key
- Add syslog(3) debug for Mac OS X Yosemite.
Use: sudo syslog -c "com.apple.ifdreader PID" -d to change the logging level.
See also "Change syslog logging level on Yosemite"
http://ludovicrousseau.blogspot.com/2015/03/change-syslog-logging-level-on-yosemite.html
- Remove ZLP patch for Gemalto IDBridge CT30 and K30. The patch was
causing problems with the K50. A new reader firmware (version F)
solved the problem so the patch is no more needed.
- Fix a memory leak in an error path
- some minor bugs removed
|
|
|
