----------------
* Version 3.3.18 (released 2015-09-12)
** libgnutls: When re-importing CRLs to a trust list ensure that there
are no duplicate entries.
** certtool: Removed any arbitrary limits imposed on input file sizes
and maximum number of certificates imported.
** API and ABI modifications:
No changes since last version.
|
|
functions on Solaris. Check privileges for mlock use on Solaris before
trying to lock the resource buffer.
|
|
Changes since previous version (20150901)
+ Apparently, OS X 10.4 does not have an implementation of le32dec().
Instead, unroll the inline function.
Bug report from Sevan - thanks!
|
|
Added:
C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT
C=DE, O=Deutscher Sparkassen Verlag GmbH, OU=S-TRUST Certification Services, \
CN=S-TRUST Universal Root CA
C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA
C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3
C=TR, L=Ankara, \
O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., \
CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
C=TR, L=Ankara, \
O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., \
CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, \
OU=(c) 2009 Entrust, Inc. - for authorized use only, \
CN=Entrust Root Certification Authority - G2
C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, \
OU=(c) 2012 Entrust, Inc. - for authorized use only, \
CN=Entrust Root Certification Authority - EC1
C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1
Removed:
C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 2 CA, \
CN=TC TrustCenter Class 2 CA II
C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, \
CN=TC TrustCenter Universal CA I
C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 1
C=TR, O=Elektronik Bilgi Guvenligi A.S., \
CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
CN=SG TRUST SERVICES RACINE, OU=0002 43525289500022, O=SG TRUST SERVICES, C=FR
CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=ANKARA, \
O=(c) 2005 TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş.
|
|
The new distfile has a bad name and doesn't have the auto* generated
files. Given that it's on github, these issues are not likely to be
fixed. There has been no upstream release since 2008, so there's
really no point in dealing with that until there is. For now, just
use MASTER_SITE_BACKUP to avoid the old URL giving errors.
|
|
version 1.0.3
- clarify documentation of oauth_curl
- fix possible memleak in oauth_curl (only relevant if an error occurs)
- fix TOCTOU in oauth_curl_post_file: the file may change between stat() and fopen()
version 1.0.2
- fix typos in documentation
- add xfree, xstrdup patch from Kedar Sovani
- prepare repository migration to github
- built-in sha1 support big&little endian
- (no changes to the actual library API or ABI)
version 1.0.1
- do not url-escape RSA-key for signature
version 1.0.0
- fix body-hash example code
- mark all oauth_http functions as deprecated
- freeze interface definitions for good
- enter maintenance/bug-fix only cycle
version 0.9.7
- fixed tiny memory leak when oauth_curl_get() fails
- fixed double-encoding of plaintext signature
version 0.9.6
- fixed typo, do not print a separator before first parameter
when serializing url for auth-header.
version 0.9.5
- added "built-in" hmac-sha1 hashing (no RSA).
- added some CURL options available via environment variables
- fixed issue with decoding already encoded characters
in the base-URL (not parameters).
reported by L. Alberto Gimenez
|
|
While here, clean up patches. They looked pretty cargo-culty to me and
were not commented.
File a bug report for one of the remaining ones and link to it from comment.
Changes in 2.0.29:
Noteworthy changes in version 2.0.29 (2015-09-08)
-------------------------------------------------
* gpg: Print a PGP-2 fingerprint again instead of a row of "0".
* gpg: Fixed a race condition from multiple several "gpg --verify".
* gpg: Print FAILURE status lines to help GPGME.
* gpgsm: Fixed a regression in CSR generation.
* scdaemon: Fixed problems with some pinpads.
* Fixed a few other bugs.
|
|
Noteworthy changes in version 1.6.4 (2015-09-08) [C20/A0/R4]
------------------------------------------------
* Speed up the random number generator by requiring less extra
seeding.
* New flag "no-keytest" for ECC key generation. Due to a bug in the
parser that flag will also be accepted but ignored by older versions
of Libgcrypt.
* Always verify a created RSA signature to avoid private key leaks
due to hardware failures.
* Fix alignment bug in the AESNI code on Windows > 7.
* Support FreeBSD 10 and later.
* Other minor bug fixes.
|
|
Update HOMEPAGE. Set LICENSE.
0.28 2013/06/21
* No significant change. Maintenance purpose only.
0.27 2010/08/12
* Adding Camellia defined in RFC 5581.
"Stefan H. Holek" <stefan>
* Notation name is always text.
Risko Gergely <gergely>
|
|
install new bash completion files, given a lack of pkgsrc doctrine for
where they go.
New in 0.15.0; 2015-05-11
* new card drivers
AzeDIT 3.5
IsoApplet
MaskTech
* libopensc
allow extended length APDUs
accept no output for 'SELECT' MF and 'SELECT' DF_NAME APDUs
fixed sc_driver_version check
adjusted send/receive size according to card capabilities
in iso7816 make SELECT agnostic to sc_path_t's aid
* asn1
support multi-bytes tags
* pkcs15
reviewed support and tool functions for public key
public certs and pubkeys with an auth_id are treated as private
* pkcs11
introduced default PKCS#11 provider
fetched real value of CKA_LOCAL for pubkey
removed inconsistent attributes
C_Digest issues
no check if buffer too small before update
* added support for Travis CI
* updated support of EC in libopensc, pkcs15 and pkcs11
* fixed number of warnings, resource leaks, coverity-scan issues
* macosx
target minimum OSX version to 10.7
update the minimal building instructions.
locate and target the latest SDK to build against.
locate the best newest SDK present on the computer.
* build
disable Secure Messaging if OpenSSL is not used
* tools
util_get_pin helper function
* PIV
Add AES support for PIV General Authenticate
fixed invalid bit when writing PIV certificate object with gzipped certificate
fixed bad caching behavior of PIV PKCS15 emulator
* ePass2003
fixed failure due to re-authenticate of secure messaging when card is accessed
by multiple PKCS11 sessions
* MyEID
EC support for MyEID-v4 card
* openpgp
extended options for openpgp-tool
* asepcos
fixed puk handling
* sc-hsm
support for Koblitz curves secp192k1 and secp256k1 (Bitcoin)
improved error detection and reporting in sc-hsm-tool
fixed Lc byte in VERIFY PIN block for PC/SC PIN PAD reader
fix certificate delete bug
* IAS/ECC
fixed PKCS#11 compliance issues
support for Morpho IAS Agent Card
* cardos
overwrite content of deleted private key
* win32
setup improvement
look & feel
custom actions with card registration
minidriver improvement
fixed errors and warnings returned by Microsoft quality tool
pin-pad support
New in 0.14.0; 2014-05-31
* new card driver DNIe
* extended existing drivers by support of
Swedish eID card (gemsafeV1)
EstEID 3.5 (mcrd)
* bogus javacard driver removed
* build
return to the standard use of 'autoconf'
CI specific bootstrap script: git commit stamp for the built packages
windows friendly compile settings
fixed a ton of compiler warnings
fence against using EVP_sha256 mech
debian packaging templates
compile without OpenSSL and without SM
enable compiler warnings by default
win32
add 'VarFileInfo' block to version-info
include to MSI package 'openpgp-tool.exe'
'version-info' resource for each target
* macOSX
"graphical uninstaller" to distribution DMG
update package building to modern tools
new tool and SDK paths for OS X 10.8
improved opensc-installer from distribution
osx: target 10.9 (a free upgrade to anyone using 10.6+) from now on
build 'fat' binaries i386
* common
added getpass implementation for non windows
* libopensc
allow for the pin to be entered on the keypad during issuing
introduce 'encoded-content' to the sc_file data
general usage method to allocate generalized time
* minidriver
implemented 'CardChangeAuthenticator', 'CardGetChallenge' and 'CardUnblockPin'
improved management of GUID
use reader pin pad if available and allowed
configuration options for
compose GUID
refuse create container mechanism
add registers file for feitian cards
fixed
return code in 'CardGetContainerInfo'
returned 'tries-left' for blocked card
length of stripped data in RSADecrypt
* pkcs#11
bind non-recognized card, generic 'init-token' procedure
fixed
CKA_VALUE of 'public-key' object
fix ASN1 encoding issues
PIN-NOT-INITIALIZED for the non-user PINs
buffers overflow
segfault due to the undefined 'application-file'
* pkcs15
'direct' public key in PuKDF encoding
implement SPKI public key encoding
include and maintain minidriver framework data: cmap-record, md-flags, GUID, ..
fixed
encoding of 'SubjectPublicKeyInfo'
DER encoding of 'issuer' and 'subject'
PIN validation in 'pkcs15-verify'
public key algorithm
ECC public key encoding
ECC ecpointQ
* pkcs15init
introduce 'max-unblocks' PIN init parameter
keep cert. blob in cert-info data
file 'content' and 'prop-attrs' in the card profile
in profile more AC operations are parsed
fixed
NULL pointer dereference error
NULL 'store-key' handle
ignore if no TokenInfo file to update
set EC pubkey parameters from init data
* reader-pcsc
fixed
implicit pin modification
pin checking when implicitly given
verify/modify pinpad commands
* SM
common SM 'increase-sequence-counter' procedure
move SM APDU procedures to dedicated source file
move SM common crypto procedures to the dedicated library
* doc
documentation for --list-token-slots
* default driver
do not send possibly arbitrary APDU-s to an unknown card.
by default 'default' card driver is disabled
* sc-hsm
Added support for
persistent EC public keys generated from certificate signing requests
token label to be set via C_InitToken or sc-hsm-tool
unblock PIN using C_InitPIN()
initialize EC key params
fixed
bug that prevents a newly generated 2048 key to show up at the PKCS#11 interface
bug when changing SO-PIN with opensc-explorer sc-hsm-tool
memory checking and removed warning
problem deleting CA certificates sc-hsm
public key format returned when generating ECC keys
sc-hsm-tool
better error handling for non-SmartCard-HSM cards
support for DKEK password sharing scheme
threshold scheme parameters to manpage
crash on Windows when --wrap-key frees memory allocated in opensc.dll
* ias
simplify the compute signature operation
* PIV
use SPKI encoding for public key data
extract public key from cert if no object on card
fix
segfault and valgrind issue
gen_key to expect the proper PIV Key references
* CardOS
build for Windows
use information from AlgorithmInfo
supported CardOS V5.0
* epass2003
key generation allows stricter privkey/pubkey ACLs
list_files implemented
properly disable padding
allow exponents other than 65537
* myeid
fixed file-id in myeid.profile
* entersafe
fix a bug when writing public key
* EstEID
match card only based on presence of application.
* pteid
do not call the iso7816 driver get_response operation
* myeid
support of EC key is broken
|
|
1.4.24 - 7 August 2015, Ludovic ROUSSEAU
- 253 new ATRs
- ATR_analysis: better update of the local cache
1.4.23 - 13 September 2014, Ludovic ROUSSEAU
- 137 new ATRs
|
|
1.8.14: Ludovic Rousseau
5 August 2015
- Threading: lock the PC/SC context in a safe way
- Threading: lock the card context in a safe way
- SCardGetStatusChange(): fix card movement rare bug
- Doxygen:
. SCardTransmit() may return SCARD_E_INSUFFICIENT_BUFFER
. SCardEndTransaction() The disposition IS used and the dwDisposition
parameter HAS an effect.
. SCardReconnect() do not release locks
. fix typos
- Move the source code repository from subversion to git
- Use asprintf(3) instead of strlcat(3) and strlcpy(3)
- Allow to use pcscd in a remote session (polkit issue)
- Some other minor improvements and bug corrections
pcsc-lite-1.8.13: Ludovic Rousseau
7 November 2014
- fix a systemd + libudev hotplug bug introduced in version 1.8.12.
The list of readers was not (yet) available just after the start of pcscd
- Make the license more 3-clause BSD like
- fix a rare race condition in the (non default) libusb hotplug
- Some other minor improvements and bug corrections
|
|
1.4.20 - 5 August 2015, Ludovic Rousseau
- Add support of
. ACS ACR1251 Dual Reader
. Access IS NFC Smart Module
. BIFIT iToken
. BLUTRONICS BLUDRIVE II CCID (idProduct: 0x1079)
. Generic MultiCard Device
. NXP Pegoda 2 N
. SafeNet eToken 5100
. SafeNet eToken 7300
. Yubico Yubikey 4 CCID
. Yubico Yubikey 4 OTP+CCID
. Yubico Yubikey 4 OTP+U2F+CCID
. Yubico Yubikey 4 U2F+CCID
- Depends on libusb version 1.0.9 instead of 1.0.8
- The O2 Micro Oz776 reader only supports 9600 bps
- Change installation directory for Mac OS X El Capitan 10.11
1.4.19 - 13 May 2014, Ludovic Rousseau
- Add support of
. AK910 CKey (idProduct 0x0001)
. AK910 CKey (idProduct 0x0011)
. AK910 IDONE
. Broadcom Corp 5880 (idProduct: 0x5804)
. CASTLES EZCCID Smart Card Reader
. Cherry KC 1000 SC
. Cherry KC 1000 SC Z
. Cherry KC 1000 SC/DI
. Cherry KC 1000 SC/DI Z
. Cherry TC 1300
. Chicony USB Smart Card Keyboard
. Elatec TWN4 SmartCard NFC
. Feitian 502-CL
. Feitian eJAVA Token
. FujitsuTechnologySolutions GmbH Keyboard KB100 SCR
. FujitsuTechnologySolutions GmbH Keyboard KB100 SCR eSIG
. Hewlett-Packard HP lt4112 Gobi 4G Module
. Identive SCT3522CC token
. OMNIKEY AG 6121 USB mobile
. PIVKey T800
. REINER SCT tanJack Bluetooth
. Watchdata USB Key
- Add syslog(3) debug for Mac OS X Yosemite.
Use: sudo syslog -c "com.apple.ifdreader PID" -d to change the logging level.
See also "Change syslog logging level on Yosemite"
http://ludovicrousseau.blogspot.com/2015/03/change-syslog-logging-level-on-yosemite.html
- Remove ZLP patch for Gemalto IDBridge CT30 and K30. The patch was
causing problems with the K50. A new reader firmware (version F)
solved the problem so the patch is no more needed.
- Fix a memory leak in an error path
- some minor bugs removed
|
|
1.0.1 - 2015-09-05
~~~~~~~~~~~~~~~~~~
* We now ship OS X wheels that statically link OpenSSL by default. When
installing a wheel on OS X 10.10+ (and using a Python compiled against the
10.10 SDK) users will no longer need to compile. See :doc:`/installation` for
alternate installation methods if required.
* Set the default string mask to UTF-8 in the OpenSSL backend to resolve
character encoding issues with older versions of OpenSSL.
* Several new OpenSSL bindings have been added to support a future pyOpenSSL
release.
* Raise an error during install on PyPy < 2.6. 1.0+ requires PyPy 2.6+.
|
|
for use on OpenBSD, there is a separate release for that.
Reviewed by wiz@
|
|
---------------
2.019 2015/09/01
- work around different behavior of getnameinfo from Socket and Socket6 by
using a different wrapper depending on which module I use for IPv6.
Thanks to bluhm for reporting.
|
|
+ rename all the symbols I could find which could conflict with those
in libcrypto. requested by joerg
|
|
Systems without https support in their fetch tools can get the distfiles
from ftp.NetBSD.org.
|
|
/usr/bin/ftp (at least) can't fetch https URLs, and we verify
distfiles by checksum anyway.
|
|
2015-05-21 - 0.9.38
- removed code compatibility for PHP <5.4 (lots of code + ifdefs)
- allow https location for suhosin.filter.action
- fixed newline detection for suhosin.mail.protect
- Added suhosin.upload.max_newlines to protect against DOS attack via many
MIME headers in RFC1867 uploads (CVE-2015-4024)
- mail related test cases now work on linux
|
|
1.0.4
This is a build maintenance release only so there is no need to upgrade.
- Make use of --with-libdir so installers can override the lib default (RHEL
uses lib64 for example)
- Clean up the build script to standardise the code constructs used
- Add LICENSE, README and CREDITS to PECL package configuration
1.0.3
Bug #60347 OSX can't build as .so hardcoded
|
|
** Version 2.13 - 24 Apr 2015
* New Features
- Added fuzzy_set_total_input_length function to the API.
- Added support for files up to 192GB.
- Added support for arbitrary length input from the standard input.
* Bug Fixes
- Fixed issue when comparing hashes from relatively simple files.
- Fixed portability issues.
** Version 2.12 - 24 Oct 2014
* Bug Fixes
- Fixed issue when comparing identical hashes but with different
block sizes.
|
|
2.018 2015/08/27
- RT#106687 - startssl.t failed on darwin with old openssl since server
requested client certificate but offered also anon ciphers
|
|
Noteworthy changes in version 1.20 (2015-08-26) [C16/A16/R0]
-----------------------------------------------
* New macros for GCC attributes.
* Make es_set_binary actually work for Windows.
* Allow building without thread support.
* Build without a build timestamp by default.
* Interface changes relative to the 1.19 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GPGRT_VERSION NEW macro.
GPGRT_VERSION_NUMBER NEW macro.
GPGRT_INLINE NEW macro.
GPGRT_GCC_VERSION NEW macro.
GPGRT_ATTR_NORETURN NEW macro.
GPGRT_ATTR_PRINTF NEW macro.
GPGRT_ATTR_NR_PRINTF NEW macro.
GPGRT_ATTR_FORMAT_ARG NEW macro.
GPGRT_ATTR_SENTINEL NEW macro.
GPGRT_ATTR_USED NEW macro.
GPGRT_ATTR_UNUSED NEW macro.
GPGRT_ATTR_DEPRECATED NEW macro.
GPGRT_ATTR_PURE NEW macro.
GPGRT_ATTR_MALLOC NEW macro.
GPGRT_HAVE_MACRO_FUNCTION NEW macro.
GPGRT_HAVE_PRAGMA_GCC_PUSH NEW macro.
|
|
Changes in version 3.12.0 are:
* Build fixes
Changes in version 3.11.92 are:
* This library is now deprecated
Changes in version 3.10.1 are:
* Updated translations
Changes in version 3.10.0 are:
* Build fixes
Changes in version 3.9.1 are:
* Build fixes and tweaks
Changes in version 3.8.0 are:
* Updated translations
Changes in version 3.7.92 are:
* Updated translations
Changes in version 3.7.91 are:
* Build fixes [#691343]
Changes in version 3.7.5 are:
* Updated translations
* Build fixes
Changes in version 3.7.2 are:
* Share the secure memory pool with libsecret and gcr
* Other minor tweaks
Changes in version 3.6.0 are:
* Updated translations
Changes in version 3.5.6 are:
* More warnings about attributes not being stored secretly
* Build fixes
* Updated translations
Changes in version 3.5.4 are:
* Vala bindings
Changes in version 3.5.3 are:
* Fix debugging for G_MESSAGES_DEBUG
* Some minor fixes to avoid vala regressions
|
|
it helps to replace BUILDLINK_PREFIX, too. Hi wiz!
|
|
- Update from Mozilla repository
- Update license to match license of data source (MPL 2)
|
|
---------------------
Noteworthy changes in version 1.6.0 (2015-08-26) [C25/A14/R0]
------------------------------------------------
* Added gpgme_set_offline to do a key listing w/o requiring CRL.
* Added gpgme_set_status_cb to allow a user to see some status
messages.
* Added an export mode for secret keys.
* More precise error codes are returned if GnuPG >= 2.1.8 is used.
* The passphrase handler for the loopback mode has been improved and may
also be used with genkey.
* [w32] The standard GnuPG 2.1 install directory is now searched for
gpgconf.exe before a registry specified directory and the Gpg4win
install directory.
* [w32] gpgme-w32spawn.exe will now only be searched in the gpgme DLL
directory.
* Interface changes relative to the 1.5.1 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgme_set_offline NEW.
gpgme_get_offline NEW.
gpgme_set_status_cb NEW.
gpgme_get_status_cb NEW.
GPGME_EXPORT_MODE_SECRET NEW
GPGME_EXPORT_MODE_RAW NEW.
GPGME_EXPORT_MODE_PKCS12 NEW.
|
|
2.017 2015/08/24
- checks for readability of files/dirs for certificates and CA no longer use
-r because this is not safe when ACLs are used. Thanks to BBYRD, RT#106295
- new method sock_certificate similar to peer_certificate based on idea of
Paul Evans, RT#105733
- get_fingerprint can now take optional certificate as argument and compute
the fingerprint of it. Useful in connection with sock_certificate.
- check for both EWOULDBLOCK and EAGAIN since these codes are different on
some platforms. Thanks to Andy Grundman, RT#106573
- enforce default verification scheme if none was specified, i.e. no longer
just warn but accept. If really no verification is wanted a scheme of
'none' must be explicitly specified.
- support different cipher suites per SNI hosts
|
|
Significant changes since 1.1.6:
* You can now specify "-" as the input file, meaning standard input.
* Lots and lots of code reorganization, including changes to the build system.
* scrypt now consults the hw.memsize sysctl on relevant platforms to figure
out how much memory is available. (This should help on OS X.)
* scrypt now detects and uses AESNI instructions for encryption/decryption.
* scrypt now detects and uses SSE2 instructions automatically (and thus there
is no longer an --enable-sse2 option to the configure script).