Age | Commit message (Collapse) | Author | Files | Lines |
|
Bugfixes:
* SUPPORT-42: ./configure fails on FreeBSD (or if ldns is not installed in a
directory in the default search path of the compiler).
* OpenDNSSEC does not compile against ldns 1.6.16 on platforms that rely on
the OpenDNSSEC implementation of strlcpy/cat
|
|
New in 0.6.20; 2010-02-16; Andreas Jellinghaus
* Modify Rutoken S binary interfaces by Aktiv Co.
* Makefiles fixed in doc/ directory
New in 0.6.19; 2010-01-07; Andreas Jellinghaus
* update on udev rules. Please now use udev instead of hal,
as distributions are deprecating hal in favor of udev.
* Thanks to Daniel Kahn Gillmor for testing on debian.
|
|
No functional change, other than building with both or neither
cardreader package will error from the options framework instead of at
configure time.
|
|
This does not make any functional changes - it is just rearranging and
comments.
|
|
|
|
libsecret is a library for storing and retrieving passwords and
other secrets. It communicates with the "Secret Service" using
DBus. gnome-keyring and ksecretservice are both implementations of
a Secret Service.
|
|
Thanks to manu@ for testing and resolving pcsc-lite pthread leakage
problems.
Note that pcsc-lite and openct should be an options group.
Disable some obsolete CONFIGURE_ARGS.
Work around assumption that either getopt_long_only is present or
all getopt functions must be provided.
Finnish EID patches have been applied upstream (from whence they came,
perhaps).
From upstream NEWS:
Complete change history is available online:
http://www.opensc-project.org/opensc/timeline
New in 0.12.2; 2011-07-15
* Builds are now silent by default when OpenSC is built from source on Unix.
* Using --wait with command line tools works with 64bit Linux again.
* Greatly improved OpenPGP card support, including OpenPGP 2.0 cards
like the one found in German Privacy Foundation CryptoStick.
* Fixed support for FINeID cards issued after 01.03.2011 with 2048bit keys.
* #256: Fixed support for TCOS cards (broken since 0.12.0).
* Added support for IDKey-cards to TCOS3 driver.
* #361: Improved PC/SC driver to fetch the maximum PIN sizes from the open
source CCID driver. This fixes the issue for Linux/OSX with recent driver.
* WindowsInstaller now installs only static DLL-s (PKCS#11, minidriver) to
system folder.
* Fix FINeID cards for organizations.
* Several smaller bugs and compiler warnings fixed.
New in 0.12.1; 2011-05-17
* New card driver: IAS/ECC 1.0.1
* rutoken-tool has been deprecated and removed.
* eidenv and piv-tool utilities now have manual pages.
* pkcs11-tool now requires the use of --module parameter.
* All tools can now use an ATR as an argument to --reader, to skip to the
card with given ATR.
* opensc-tool -l with -v now shows information about the inserted cards.
* Creating files have an enforced upper size limit, 64K
* Support for multiple PKCS#15 applications with different AID-s.
PKCS#15 applications can be listed with pkcs15-tool --list-applications.
Binding to a specific AID with PKCS#15 tools can be done with --aid.
* Hex strings (like card ATR or APDU-s) can now be separated by space, in
addition to colons.
* Pinpad readers known to be bogus are now ignored by OpenSC. At the moment
only "HP USB Smart Card Keyboard" is disabled.
* Windows installer is now distributed as a statically built MSI, for both
x86 and x64.
* Numerous compiler warnings, unused code and internal bugs have been
eliminated.
New in 0.12.0; 2010-12-22
* OpenSC uses a single reader driver, specified at compile time.
* New card driver: Italian eID (CNS) by Emanuele Pucciarelli.
* New card driver: Portuguese eID by João Poupino.
* New card driver: westcos by François Leblanc.
* pkcs11-tool can use a slot based on ID, label or index in the slot list.
* PIN flags are updated from supported cards when C_GetTokenInfo is called.
* Support for CardOS 4.4 cards added.
* Feature to exclude readers from OpenSC PKCS#11 via "ignored_readers"
configuration file entry.
* #229: Support semi-automatic fixes to cards personalized with older and
broken OpenSC versions.
* Software keys removed from pkcs15-init and the PKCS#11 module. OpenSC
can either generate keys on card or import plaintext keys to the card, but
will never generate plaintext key material in software by itself.
All traces of a software token (PKCS#15 Section 7) shall be removed.
* Updates to PC/SC driver to build with pcsc-lite >= 1.6.2
* Build script for a binary Mac OS X installer for 10.5 and 10.6 systems.
Binary installer includes OpenSC.tokend for platform integration.
10.6 installer includes engine_pkcs11.
* Modify Rutoken S binary interfaces by Aktiv Co.
* Support GOST R 34.10-2001 and GOST R 34.11-94 by Aktiv Co.
* CardOS driver now emulates sign on rsa keys with sign+decrypt usage
with padding and decrypt(). This is compatible with old cards and
card initialized by Siemens software. Removed "--split-key" option,
as it is no longer needed.
* Improved debugging support: debug level 3 will show everything
except of ASN1 and card matching debugging (usually not needed).
* Massive changes to libopensc. This library is now internal, only
used by opensc-pkcs11.so and command line tools. Header files are
no longer installed, library should not be used by other applications.
Please use generic PKCS#11 interface instead.
* #include file statements cleaned up: first include "config.h", then
system headers, then additional libraries, then headers in opensc
(but from other directories), then header files from same directory.
Fix path to reference headers, remove src/include/ directory.
* Various source code fixes and improvements.
* OpenSC now depends on xsltproc utility and docbook-xsl to build docs and man
* Remove iconv dependency. EstEID driver now uses the commonName from the
certificate for card label.
* Possibility to change the default behavior for card resets via
opensc.conf.
|
|
This is necessary to avoid making opensc threaded, since then it can't
be dlopened by a non-threaded program.
Add patch comments.
Set LICENSE (modified-bsd, verified via wdiff).
This change is almost entirely due to manu@.
|
|
|
|
Upstream has removed the code that this package uses, as upstream
believes there are no users.
(Proposed on pkgsrc-users with no objections.)
|
|
|
|
Fix a tyop in DESCR.
Upstream changes:
-----------------
v1.9.0 (6th Nov 2012)
---------------------
* #97 (with a little #93): Improve config parsing of `ProxyCommand` directives
and provide a wrapper class to allow subprocess-driven proxy commands to be
used as `sock=` arguments for `SSHClient.connect`.
* #77: Allow `SSHClient.connect()` to take an explicit `sock` parameter
overriding creation of an internal, implicit socket object.
* Thanks in no particular order to Erwin Bolwidt, Oskari Saarenmaa, Steven
Noonan, Vladimir Lazarenko, Lincoln de Sousa, Valentino Volonghi, Olle
Lundberg, and Github user `@acrish` for the various and sundry patches
leading to the above changes.
v1.8.1 (6th Nov 2012)
---------------------
* #90: Ensure that callbacks handed to `SFTPClient.get()` always fire at least
once, even for zero-length files downloaded. Thanks to Github user `@enB` for
the catch.
* #85: Paramiko's test suite overrides
`unittest.TestCase.assertTrue/assertFalse` to provide these modern assertions
to Python 2.2/2.3, which lacked them. However on newer Pythons such as 2.7,
this now causes deprecation warnings. The overrides have been patched to only
execute when necessary. Thanks to `@Arfrever` for catch & patch.
v1.8.0 (3rd Oct 2012)
---------------------
* #17 ('ssh' 28): Fix spurious `NoneType has no attribute 'error'` and similar
exceptions that crop up on interpreter exit.
* 'ssh' 32: Raise a more useful error explaining which `known_hosts` key line was
problematic, when encountering `binascii` issues decoding known host keys.
Thanks to `@thomasvs` for catch & patch.
* 'ssh' 33: Bring `ssh_config` parsing more in line with OpenSSH spec, re: order of
setting overrides by `Host` specifiers. Specifically, the overrides now go by
file order instead of automatically sorting by `Host` value length. In
addition, the first value found per config key (e.g. `Port`, `User` etc)
wins, instead of the last. Thanks to Jan Brauer for the contribution.
* 'ssh' 36: Support new server two-factor authentication option
(`RequiredAuthentications2`), at least re: combining key-based & password
auth. Thanks to Github user `bninja`.
* 'ssh' 11: When raising an exception for hosts not listed in
`known_hosts` (when `RejectPolicy` is in effect) the exception message was
confusing/vague. This has been improved somewhat. Thanks to Cal Leeming for
highlighting the issue.
* 'ssh' 40: Fixed up & expanded EINTR signal handling. Thanks to Douglas Turk.
* 'ssh' 15: Implemented parameter substitution in SSHConfig, matching the
implementation of `ssh_config(5)`. Thanks to Olle Lundberg for the patch.
* 'ssh' 24: Switch some internal type checking to use `isinstance` to help prevent
problems with client libraries using subclasses of builtin types. Thanks to
Alex Morega for the patch.
* Fabric #562: Agent forwarding would error out (with `Authentication response
too long`) or freeze, when more than one remote connection to the local agent
was active at the same time. This has been fixed. Thanks to Steven McDonald
for assisting in troubleshooting/patching, and to GitHub user `@lynxis` for
providing the final version of the patch.
* 'ssh' 5: Moved a `fcntl` import closer to where it's used to help avoid
`ImportError` problems on Windows platforms. Thanks to Jason Coombs for the
catch + suggested fix.
* 'ssh' 4: Updated implementation of WinPageant integration to work on 64-bit
Windows. Thanks again to Jason Coombs for the patch.
* Added an IO loop sleep() call to avoid needless CPU usage when agent
forwarding is in use.
* Handful of internal tweaks to version number storage.
* Updated `setup.py` with `==dev` install URL for `pip` users.
* Updated `setup.py` to account for packaging problems in PyCrypto 2.4.0
* Added an extra `atfork()` call to help prevent spurious RNG errors when
running under high parallel (multiprocess) load.
* Merge PR #28: https://github.com/paramiko/paramiko/pull/28 which adds a
ssh-keygen like demo module. (Sofian Brabez)
v1.7.7.2 16may12
----------------
* Merge pull request #63: https://github.com/paramiko/paramiko/pull/63 which
fixes exceptions that occur when re-keying over fast connections. (Dwayne
Litzenberger)
|
|
* SOFTHSM-28: Support RSASSA-PSS signature scheme.
* SOFTHSM-29: The default location of the token database is
now $localstatedir/lib/softhsm/.
|
|
passes -Werror with clang.
|
|
tcl versions are more strict about this, should fix PR pkg/47186
by Joern Clausen
bump PKGREV
being here, set LICENSE (same as tcl)
|
|
Change MASTER_SITE, and therefore fetch with curl.
Specify C99, after guessing that from warnings.
Enable extra warnings (reported upstream).
2012-02-29 - Version 1.10
* PolarSSL crypto engine by Adriaan de Jong
* build: --disable-crypto-engine-win32 renamed to --disable-crypto-engine-cryptoapi
* api: PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_WIN32 renamed to
PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_CRYPTOAPI.
* api: PKCS11H_ENGINE_CRYPTO_WIN32 renamed to
PKCS11H_ENGINE_CRYPTO_CRYPTOAPI
2011-08-16 - Version 1.09
* Do not retry if CKR_BUFFER_TOO_SMALL and none NULL target.
* Fixup OpenSSL engine's rsa_priv_enc to use RSA size output buffer.
|
|
|
|
* ykinfo: New tool to print information about YubiKey.
* ykpersonalize: Add -z flag to zap configuration on YubiKey.
* Fix PBKDF2 implementation.
|
|
values if in non-void functions.
|
|
* OPENDNSSEC-330: NSEC3PARAM TTL should be set to zero.
Bugfixes:
* OPENDNSSEC-306: Can't delete zone until Enforcer made signerconf.
* OPENDNSSEC-281: Commandhandler sometimes unresponsive.
* OPENDNSSEC-299: ods-ksmutil <enter> now includes policy import
* OPENDNSSEC-300: ods-ksmutil policy purge documented with a warning
* OPENDNSSEC-338: ods-ksmutil: fix zone delete on MySQL (broken by SUPPORT-27)
* OPENDNSSEC-342: Auditor comparisons made case-insensitive
* OPENDNSSEC-345: ods-ksmutil: use ods-control to HUP the enforcerd process
|
|
|
|
passwords (OTP) generated via the HOTP/OATH algorithm defined in RFC 4226.
|
|
* Add udev rules files to packed distribution.
Version 1.8.1 (released 2012-10-17)
* Memory leak fixes and potential crash fixes in osx backend.
* Error reporting fixes in osx backend, reporting correct errors and
better errors.
* Provide another new udev permissions file that works on udev version
greater than 188. Autodetects from configure which to use.
* Add new binary ykinfo, can be used to get serial number, version and
touch level from a YubiKey.
Version 1.8.0 (released 2012-09-28)
* Added ./configure --enable-gcc-warnings to enable a lot of warnings.
* Added Continuous integration at travis-ci
(http://travis-ci.org/#!/Yubico/yubikey-personalization)
* Added yk_challenge_response() function for doing challenge response
with a key.
* Fixed functions for NDEF writing, adding:
ykp_ndef_alloc(), ykp_ndef_free() and ykp_set_ndef_access_code()
also providing compatible name YK_NDEF in ykcore.h and exporting
yk_write_ndef() there.
Change return values from ndef_construct_*() functions to make them
consistent with the rest of the library.
* Fixed a crash bug when the library was called from different threads.
* Check return code from libusb_init() so we avoid crashing there.
Also use a usb context instead of relying on default.
* Fix numerous warnings.
* Fix compilation in MSVC2010.
Version 1.7.0 (released 2012-06-07)
* Add support for new features in YubiKey 2.3:
ALLOW_UPDATE flag that allows updating of configuration in slots.
Update command (-u) to do update of existing config.
Swap command (-x) to swap contents of two updatable slots
DORMANT flag that's settable/removable if ALLOW_UPDATE is set
USE_NUMERIC_KEYPAD flag for sending the OATH OTP using keypad scan codes
instead
FAST_TRIG flag for faster triggering of slot one if slot two is empty
* Change the library around some to make the 2.3 features available.
Use ykp_alloc() instead of ykp_create_config().
Use ykp_configure_version() instead of ykp_configure_for() to set the version.
Use ykp_configure_command() instead of ykp_configure_for() to set slot.
Use yk_write_command() instead of yk_write_config().
The new commands don't set any default configuration at all.
* Add library support for the YubiKey NEO beta
ykp_construct_ndef_uri() for preparing a URI to write.
ykp_construct_ndef_text() for preparing a text to write.
yk_write_ndef() to write the constructed NDEF.
* Add support for the YubiKey NEO beta
Writing NDEF URI with -n http://example.com/foo/
Writing NDEF Text record with -t example
|
|
* Compatibility with curl versions before 7.20.
* Fix signature checking on ARM (at least).
|
|
* liboath: The usersfile is now fflush'ed and fsync'ed.
* liboath: A memory leak fixed.
* oathtool: The --counter parameter now works on 32-bit platforms.
* API and ABI is backwards compatible with the previous version.
OATH_FILE_FLUSH_ERROR: Added.
OATH_FILE_SYNC_ERROR: Added.
OATH_FILE_CLOSE_ERROR: Added.
OATH_LAST_ERROR: Added.
Version 1.12.5 (released 2012-08-19)
* oathtool: The --counter parameter now supports larger values.
Before it used an 'int' type and now it uses a 'longlong' type.
Needed for eSecuTech tokens as they use a 64-bit value for their
initial counter. see <https://savannah.nongnu.org/support/?108114>.
* Added gnulib self-tests.
* API and ABI is backwards compatible with the previous version.
Version 1.12.4 (released 2012-06-17)
* liboath: Usersfile code handles multiple lines for a single user.
This can be used when a single user carries multiple tokens (with
different OATH secrets) and any of them should be permitted.
* API and ABI is backwards compatible with the previous version.
Version 1.12.3 (released 2012-05-31)
* pam_oath: Fix "try_first_pass".
* API and ABI is backwards compatible with the previous version.
Version 1.12.2 (released 2012-04-04)
* liboath: usersfile function now works on FreeBSD.
* tests: liboath usersfile self-test is skipped if there is no datefudge.
* API and ABI is backwards compatible with the previous version.
Version 1.12.1 (released 2012-04-01)
* liboath, oathtool: Base32 decoding now permit lowercase characters.
* API and ABI is backwards compatible with the previous version.
Version 1.12.0 (released 2012-04-01)
* oathtool: Added --base32 parameter to decode base32 keys.
* oathtool: Verbose output (-v) now print key data in base32 format too.
* liboath: Added base32 functions. Added hex encoding function.
The new APIs are oath_bin2hex, oath_base32_decode, and
oath_base32_encode.
* liboath: Gnulib's snprintf is used for better portability.
The system snprintf is known to have bugs on some systems, see the
Gnulib manual for more information.
* API and ABI is backwards compatible with the previous version.
oath_bin2hex: New function.
oath_base32_decode: New function.
oath_base32_encode: New function.
OATH_INVALID_BASE32: New error code.
OATH_BASE32_OVERFLOW: New error code.
OATH_MALLOC_ERROR: New error code.
|
|
- Fix X-HKP-Results-Count so that limit=0 returns no results, but include
the header, to let a client poll for how many results exist, without
retrieving any. See:
http://lists.nongnu.org/archive/html/sks-devel/2010-11/msg00015.html
- Add UPGRADING document to explain upgrading Berkeley DB without
rebuilding. System bdb versions often change with new SKS releases
for .deb and .rpm distros.
- Cleanup build errors for bdb/bdb_stubs.c. Patch from Mike Doty
- Update cryptokit from version 1.0 to 1.5 without requiring OASIS
build system or other additional dependencies
- build, fastbuild, & pbuild fixed to ignore signals USR1 and USR2
- common.ml and reconSC.ml were using different values for minimum
compatible version. This has been fixed.
- Added new server mime-types, and trying another default document (Issue 6)
In addition to the new MIME types added in 1.1.[23], the server now
looks over a list and serves the first index file that it finds
Current list: index.html, index.htm, index.xhtml, index.xhtm, index.xml.
- options=mr now works on get as well as (v)index operations. This is
described in http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
sections 3.2.1.1. and 5.1.
- Updated copyright notices in source files
- Added sksclient tool, similar to old pksclient
- Add no-cache instructions to HTTP response (in order for reverse proxies
not to cache the output from SKS)
- Use unique timestamps for keydb to reduce occurrences of Ptree corruption.
- Added Interface specifications (.mli files) for modules that were missing
them
- Yaron pruned some no longer needed source files from the tree.
- Improved the HTTP status and HTTP error codes returned for various
situations and added checks for more error conditions.
- Add a suffix to version (+) indicating non-release or development builds
- Add an option to specify the contact details of the server administrator
that shows in the status page of the server. The information is in the
form of an OpenPGP KeyID and set by server_contact: in sksconf
- Add a `sks version` command to provide information on the setup.
- Added configuration settings for the remaining database table files. If
no pagesize settings are in sksconf, SKS will use 2048 bytes for key
and 512 for ptree. The remaining files' pagesize will be set by BDB
based on the filesystem settings, typically this is 4096 bytes.
See sampleConfig/sksconf.typical for settings recommended by db_tuner.
- Makefile: Added distclean target. Dropped autogenerated file from VCS.
- Allow tuning BDB environment before creation in [fast]build and pbuild.
If DB_CONFIG exists in basedir, copy it to DB dir before DB creation.
Preference is given to DB_CONFIG.KDB and DB_CONFIG.PTree over DB_CONFIG.
- Add support for Elliptic Curve Public keys (ECDSA, ECDH)
- Add check if an upload is a revocation certificate, and if it is,
produce an error message tailored for this.
1.1.3
- Makefile fix for 'make dep' if .depend does not exist. Issue #4
- Makefile fix: sks and sks_add_mail fail to link w/o '-ccopt -pg'
Issue #23
- Added -disable_mailsync and -disable_log_diffs to sks.pod
- Added file extensions .css, .jpeg, .htm, .es, .js, .xml, .shtml, .xhtm,
.xhtml and associated MIME types to server code. Part of Issue #6
- Added sample configuration files in sampleConfig directory
- Added sample web page files in sampleWeb directory. Issues #7, 9, 19
- Allow requests for non-official options hget, hash, status, & clean to
be preceded by '-x'. Closes issues #10, 11, 13, & 14.
- Allow &search with long subkey ID (16 digit) and subkey fingerprint
subkey lookup was failing with other than a short key ID. However,
public key lookup was working with short and long key ID and fingerprints.
This patch makes subkey lookup behave the same as full key lookup.
http://lists.gnupg.org/pipermail/gnupg-users/2012-January/043495.html
- Patch recon script so that POST includes HTTP version number.
|
|
|
A command line interface (interactive shell) to work with KeePass
1.x and 2.x database files.
|
|
|
|
File::KeePass gives access to KeePass version 1 (kdb) and version
2 (kdbx) databases.
The version 1 and version 2 databases are very different in
construction, but the majority of information overlaps and many
algorithms are similar. File::KeePass attempts to iron out as many
of the differences.
File::KeePass gives nearly raw data access. There are a few utility
methods for manipulating groups and entries. More advanced manipulation
can easily be layered on top by other modules.
File::KeePass is only used for reading and writing databases and
for keeping passwords scrambled while in memory. Programs dealing
with UI or using of auto-type features are the domain of other
modules on CPAN. File::KeePass::Agent is one example.
|
|
changes:
--bugfixes
-added an OCSP function
|
|
Needed on at least CentOS 6.3
|
|
|
|
It is in pure python to avoid portability issues, since most DES
implementations are programmed in C (for performance reasons).
Triple DES class is also implemented, utilising the DES base. Triple DES
is either DES-EDE3 with a 24 byte key, or DES-EDE2 with a 16 byte key.
See the "About triple DES" section below for more info on this algorithm.
The code below is not written for speed or performance, so not for those
needing a fast des implementation, but rather a handy portable solution
ideal for small usage.
|
|
strings. Fix return type of intermediate used for return value of
wcrtomb.
|
|
|
|
Upstream changes:
2.31 Tue Oct 30 07:03:40 EDT 2012
- Fixes to regular expressions to avoid rare failures to
correctly strip padding in decoded messages.
- Add padding type = "none".
- Both fixes contributed by Bas van Sisseren.
|
|
4+ years worth of patches.
|
|
|
|
Today you need to remember many passwords. You need a password for
the Windows network logon, your e-mail account, your website's FTP
password, online passwords (like website member account), etc. etc.
etc. The list is endless. Also, you should use different passwords
for each account. Because if you use only one password everywhere
and someone gets this password you have a problem... A serious
problem. The thief would have access to your e-mail account, website,
etc. Unimaginable.
KeePass is a free open source password manager, which helps you to
manage your passwords in a secure way. You can put all your passwords
in one database, which is locked with one master key or a key file.
So you only have to remember one single master password or select
the key file to unlock the whole database. The databases are
encrypted using the best and most secure encryption algorithms
currently known (AES and Twofish).
|
|
|
|
|