| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Changelog:
20130114
- New certificate: "T-TeleSec GlobalRoot Class 3"
|
|
Changes from previous:
----------------------
v1.86 2013.04.17
- RT#84686 - don't complain about SSL_verify_mode is SSL_reuse_ctx,
thanks to CLEACH
v1.85 2013.04.14
- probe for available modules with local __DIE__ and __WARN__handlers.
fixes RT#84574, thanks to FRAZER
- fix warning, when IO::Socket::IP is installed and inet6 support gets explictly
requested. RT#84619, thanks to Prashant[DOT]Tekriwal[AT]netapp[DOT]com
v1.84 2013.02.15
- disabled client side SNI for openssl version < 1.0.0 because of RT#83289
- added functions can_client_sni, can_server_sni, can_npn to check avaibility
of SNI and NPN features. Added more documentation for SNI and NPN.
v1.83_1 2013.02.14
- seperated documention of non-blocking I/O from error handling
- changed and documented behavior of readline to return the read
data on EAGAIN/EWOULDBLOCK in case of non-blocking socket.
See https://github.com/noxxi/p5-io-socket-ssl/issues/1, thanks to
mytram
v1.83 2013.02.03
- Server Name Indication (SNI) support on the server side, inspired by
patch provided by karel[DOT]miko[AT]gmail[DOT]com.
https://rt.cpan.org/Ticket/Display.html?id=82761
- reworked part of the documentation, like providing better examples.
v1.82 2013.01.28
- sub error sets $SSL_ERROR etc only if there really is an error,
otherwise it will keep the latest error. This causes
IO::Socket::SSL->new.. to report the correct problem, even if
the problem is deeper in the code (like in connect)
- correct spelling, rt#8270. Thanks to ETHER
v1.81 2012.12.06
- deprecated set_ctx_defaults, new name ist set_defaults (but old name
still available)
- changed handling of default path for SSL_(ca|cert|key)* keys: either
if one of these keys is user defined don't add defaults for the
others, e.g. don't mix user settings and defaults
- cleaner handling of module defaults vs. global settings vs. socket
specific settings. Global and socket specific settings are both
provided by the user, while module defaults not.
- make IO::Socket::INET6 and IO::Socket::IP specific tests run both,
even if both modules are installed by faking a failed load of the
other module.
v1.80 2012.11.30
- removed some warnings in test (missing SSL_verify_mode => 0) which
caused tests to hang on Windows.
https://rt.cpan.org/Ticket/Display.html?id=81493
v1.79 2012.11.25
- prepare transition to a more secure default for SSL_verify_mode.
The use of the current default SSL_VERIFY_NONE will cause a big warning
for clients, unless SSL_verify_mode was explicitly set inside the
application to this insecure value.
In the near future the default will be SSL_VERIFY_PEER, and thus
causing verification failures in unchanged applications.
v1.78 2012.11.25
- use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and
PeerPort from sockaddr in _update_peer, because this provides scope
too. Thanks to bluhm[AT]genua[DOT]de.
- work around systems which don't defined AF_INET6
https://rt.cpan.org/Ticket/Display.html?id=81216
Thanks to GAAS for reporting
|
|
Changes from previous:
----------------------
1.54 2013-03-23
t/data/testcert_cdp.crt.pem_dump and t/data/testcert_cdp.crt.pem were
missing from MANIFEST.
Added MANIFEST to svn
Improvement to test 07_sslecho.t so that if set_cert_and_key fails we
can tell why.
1.53 2013-03-22
Added support for SSL_export_keying_material where present (ie in OpenSSL
1.0.1 and later).
Changed t/handle/external/50_external.t to use www.airspayce.com instead of
perldition.org, who no longer have an https server.
Patch to fix a crash: P_X509_get_crl_distribution_points on an
X509 certificate with values in the CDP extension which do not have an
ia5 string will cause a segmentation fault when accessed. Patch from
Robert Duncan.
Change in t/local/32_x509_get_cert_info.t to not use
Net::SSLeay::ASN1_INTEGER_get, since it works differntly on 32 and 64 bit platforms.
Updated author and distribution location details to airspayce.com
1.52 2013-01-09
Rebuild package with gnu format tar, to prevent problems with unpacking
on other systems such as old Solaris,
1.51 2012-12-14
Fixed a problem where SSL_set_SSL_CTX is not available with
OpenSSL < 0.9.8f. Reported by Paul.
1.50 2012-12-13
Fixed a problem where t/handle/external/50_external.t would crash if any
of the test sites were not contactable.
Now builds on VMS. Patch kindly supplied by Craig A. Berry.
Fixed a few compiler warnings in SSLeay.xs. Most of them
are just signed/unsigned pointer mismatches but there is one that actually
fixes returning what would be an arbitrary value off the stack from
get_my_thread_id if it happened to be called in a non-threaded build.
Patch kindly supplied by Craig A. Berry.
Added README.VMS, contributed by Craig A. Berry.
Added SSL_set_tlsext_host_name, SSL_get_servername,
SSL_get_servername_type, SSL_CTX_set_tlsext_servername_callback for
server side Server Name Indication (SNI) support. Patched by kmx.
Further mods for VMS building supplied by Craig A. Berry.
Fixed a problem with C++ comments preventing builds on AIX and
HPUX. Patched by Gisle Aas.
perdition.org not available for tests, changed to www.airspayce.com
Added SSL_FIPS_mode_set
Improvements to test suite so it succeeds with and without FIPS mode
enabled. Patch supplied by Petr Pisar.
Added documentation, warning not to pass UTF-8 data in the content
argument to post_https. Reported by Jason Terry.
|
|
Changes from previous version:
* IPv6-host tracking support in the scan6 tool.
* A new tool, address6, to analyze IPv6 addresses
* Minor bug fixes
* PDF manual pages have been removed
* additional manual pages
pkgsrc changes:
* patch to avoid "uninitialised variable" warning from compiler
|
|
This package was upgraded to enable building on DragonFly. It was
using the -r gnu sed option which DragonFly doesn't support, but
this was fixed for version 1.1.15 per pkg/47282.
Additional changes include:
Version 1.1.6 (r131) released 2 Apr 2013
- Detect errors when writing to the new users.txt file
- Fix (harmless) bug where new users.txt file was not being closed
- Add -Werror configure flag to fail on compiler warnings
Version 1.1.5 (r124) released 29 Nov 2012
- Allow building on systems without strptime(3) (e.g., Windows)
- Add support for Apache 2.4.x
|
|
|
|
|
|
|
|
per PR pkg/47735
|
|
changes: minor fixes
|
|
changes: minor fixes
|
|
changes: minor fixes
|
|
|
|
This module provides access to shadow passwords on Linux, Solaris
and BSD like systems (falsely called OSX).
|
|
|
|
File too long (should be no more than 24 lines).
Line too long (should be no more than 80 characters).
Trailing empty lines.
Trailing white-space.
Trucated the long files as best as possible while preserving the most info
contained in them.
|
|
|
|
"INFO_FILES should be set to YES or yes."
"Packages that install info files should set INFO_FILES."
Makefile and PLIST warning, respectively.
|
|
|
|
'Please use ${ECHO_N} instead of "echo -n".'
|
|
|
|
|
|
|
|
it break to build openssl module for ruby193.
|
|
|
|
bugfixes, other quality improvements, new and improved KDE Applications
|
|
|
|
|
|
From PR 47705 by KAMADA Ken'ichi.
|
|
|
|
|
|
|
|
|
|
|
|
Packaged by Matthew Bauer <matthew.justin.bauer@gmail.com> during Google Code-In.
PAM module to authenticate using a PostgreSQL database.
|
|
* oathtool: Base32 decoding of keys are now more liberal in what accepts.
It can now accept keys on the "gr6d 5br7 25s6 vnck v4vl hlao re"
format, i.e., base32 data delimited using SPC and without padding.
The old proper base32 format is still supported.
* liboath: oath_base32_decode now ignores SPC and adds pad characters.
* liboath: If password in usersfile is + then ignore supplied password.
This enables the pam_oath module to be used with external password
verification. Based on patch from Ilkka Virta <itvirta@iki.fi>.
* tests: Fixed expiry date of some certificates used in the test suite.
The last release would only complete 'make check' during a 30 day window.
* API and ABI is backwards compatible with the previous version.
Version 2.0.1 (released 2012-10-24)
* libpskc, pskctool: Support sign and verify of PSKC data using XML DigSig.
* libpskc: XML Schema validation modified.
The entire PSKC schema is now supported (before the XML Digital
Signatures and Encryption parts were removed). The code now assumes
that the schema is available in the local XML catalog. Thanks to Liam
Quin for hints about XML catalogs.
* pskctool: the --check (-c) parameter was renamed to --info (-i).
* API and ABI is backwards compatible with the previous version.
Version 2.0.0 (released 2012-10-10)
* libpskc, pskctool: New components.
The OATH Toolkit now supports the Portable Symmetric Key Container
(PSKC) data format specified in RFC 6030 for dealing with key
provisioning. There is a new low-level library libpskc for managing
PSKC data for application developers and a new command line tool
pskctool for interacting with PSKC data for users. The PSKC
functionality depends on Libxml2 <http://xmlsoft.org/>. It can be
disabled unconditionally using the ./configure-parameter
--disable-pskc.
* liboath: Add manpages for library API.
* API and ABI is backwards compatible with the previous version.
|
|
* Fix a bug in the version check to support major version > 2 (neo).
Patch from https://github.com/wwest4
* Give ykpamcfg an option for specifying path.
|
|
* Fixup of broken release.
Version 1.11.2 (released 2013-01-09)
* Fix a bug where writing a NDEF with unknown prefix ended up writing invalid
data to the YubiKey NEO. Wrote prefix as 0x24 instead of 0x00.
* Don't allow opening a YubiKey if there's more than one present in the system.
* Fix shared linking of ykinfo and ykchalresp.
Version 1.11.1 (released 2012-12-21)
* Implement ykusb_strerror() on windows.
* Fix a bug where a YubiKey would fail to be recognized if there was
another device from Yubico (vendor id 1050) inserted and looked at
before in the device chain.
* Fix a bug where you could only set 8 bytes of the public id with
the command line tool, now all 16 bytes can be set.
* Documentation updates and fixes.
Version 1.11.0 (released 2012-12-12)
* Added version symbols and functions.
The header file is "ykpers-version.h" and it contains the following
symbols and functions: YKPERS_VERSION_STRING, YKPERS_VERSION_NUMBER,
YKPERS_VERSION_MAJOR, YKPERS_VERSION_MINOR, YKPERS_VERSION_PATCH,
ykpers_check_version.
Version 1.10.0 (released 2012-12-11)
* Support for the new productId of the production Neo.
Has ProducId 0x110, 0x111 or 0x112 depending on mode (see the notes about
-m and device_config).
* Add support for SLOT_NDEF2.
Use SLOT_NDEF to emit slot 1 as NDEF or SLOT_NDEF2 to emit slot 2.
This also adds the function yk_write_ndef2() that takes a slot parameter.
* Add -m flag for ykpersonalize, set usb mode of YubiKey NEO.
0 means pure YubiKey mode, 1 means pure CCID mode and 2 means YubiKey/CCID
composite mode. Add 80 to set EJECT_FLAG.
To use this with the api, see the functions:
ykp_alloc_device_config(), ykp_free_device_config(), ykp_set_device_mode(),
ykp_set_device_chalresp_timeout(), ykp_set_device_autoeject_time() and
yk_write_device_config().
* Add -S flag for ykpersonalize, set the scanmap of the YubiKey NEO.
Take an 90 character string describing 45 scancodes. See man page for more
info. To use this with the api see yk_write_scan_map().
* In the api add ykp_ndef_as_text() to export the text from a YK_NDEF structure.
* Higher timeout for configuration writes as in particular swap can take
longer than 600 ms.
|
|
* Added ./configure --enable-gcc-warnings to enable a lot of warnings.
* Warning fixes, build fixes etc.
|
|
|
|
Description:
stud is a network proxy that terminates TLS/SSL connections and forwards
the unencrypted traffic to some backend. It's designed to handle 10s
of thousands of connections efficiently on multicore machines.
stud has very few features. It is designed to be paired with an
intelligent backend like haproxy or nginx.
|
|
|
|
latest 20130316 sources.
Changes since previous version:
+ this version is completely standalone, and relies on no external
libraries (other than libc)
+ updated man page to reflect reality
+ minor configure script added
|
|
|
|
- Fixed problems in low level read_data() function triggered when an
incorrect key is used with some Tacacs+ servers, resulting in a 0-length
read(), causing a seg
fault on some platforms, and a very slow exit on others. This problem
appears to have been in tac_client ever since I inherited this library.
|
|
* bug Fixed bug introduced by changes on inc_soa_serial()
zkt 1.1.1
* bug Error fixed in zkt-conf in parsing the version number
* misc inc_soa_serial() now returns 0 on success
* bug Fixed bug in inc_serial()
The zone file wasn't closed on succesful change of the soa record.
Many thanks to Frederik Soderblom for fixing this.
|
|
Noteworthy changes in version 1.11 (2013-02-25)
-----------------------------------------------
* New error source GPG_ERR_SOURCE_ASSUAN for Libassuan related
errors.
* New macros GPG_ERROR_VERSION and GPG_ERROR_VERSION_NUMBER. New
function gpg_error_check_version.
* Interface changes relative to the 1.10 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GPG_ERR_NO_KEYSERVER NEW.
GPG_ERR_INV_CURVE NEW.
GPG_ERR_UNKNOWN_CURVE NEW.
GPG_ERR_DUP_KEY NEW.
GPG_ERR_AMBIGUOUS NEW.
GPG_ERR_SOURCE_ASSUAN NEW.
gpg_error_check_version NEW.
GPG_ERROR_VERSION NEW.
GPG_ERROR_VERSION_NUMBER NEW.
|
|
2012-Nov-25 - v1.6 - Hide passwords (red on red) in the show
command unless the -f option is given. Added the --readonly command
line option. Added support for multi-line notes/comments; input
ends on a line holding a single ".".
|
|
Changes from 2.20.1 to 2.21:
New Features:
Generic CSV importer: a group separator can be specified now (for importing group trees).
Internal data viewer: added hex viewer mode (which is now the default for unknown data types).
In the 'Show Entries by Tag' menu, the number of entries having a specific tag is now shown right of the tag.
In the 'Add Tag' menu, a tag is now disabled if all selected entries already have this tag.
Auto-Type: added support for right modifier keys.
Added special key codes: {WIN}, {LWIN}, {RWIN}, {APPS}, {NUMPAD0} to {NUMPAD9}.
Interleaved sending of keys is now prevented by default (if you e.g. have an auto-type sequence that triggers another auto-type, enable the new option 'Allow interleaved sending of keys' in 'Tools' -> 'Options' -> tab 'Advanced').
Added '-auto-type-selected' command line option (other running KeePass instances perform auto-type for the currently selected entry).
Added option to additionally show references when showing dereferenced data (enabled by default).
The selection in a secure edit control is now preserved when unhiding and hiding the content.
The auto-type association editing dialog now does not hang anymore when a window of any other application hangs.
When an application switches from the secure desktop to a different desktop, KeePass now shows a warning message box; clicking [OK] switches back to the secure desktop.
Added 'OK'/'Cancel' buttons in the icon picker dialog.
Added support for importing LastPass 2.0.2 CSV files.
KeePass now shows an error message when the user accidentally attempts to use a database file as key file.
Added support for UTF-16 surrogate pairs.
Added UTF-8 BOM support for version information files.
The KeePass version is now also shown in the components list in the 'About' dialog.
File operations are now context-independent (this e.g. makes it possible to use the 'Activate database' trigger action during locking).
Plugins can now register their placeholders to be shown in the auto-type item editing dialog.
Plugins can now subscribe to IO access events.
Added workaround for .NET bug 694242; status dialogs now scale properly with the DPI resolution.
Added workaround for Mono DataGridView.EditMode bug.
Added workaround for Mono bug 586901; high Unicode characters in rich text boxes are displayed properly now.
Improvements / Changes:
When the main window UI is being unblocked, the focus is not reset anymore, if a primary control has the focus.
When opening the icon picker dialog, KeePass now ensures that the currently selected icon is visible.
Internal data viewer: improved visibility updating.
The e-mail box icon by default is not inherited by new entries anymore.
The database is now marked as modified when auto-typing a TAN entry.
Enhanced AnyPassword importer to additionally support CSV files exported by AnyPassword Pro 1.07.
Enhanced Password Safe XML importer (KeePass tries to fix the broken XML files exported by Password Safe 3.29 automatically).
IO credentials can be loaded over IPC now.
Enhanced user switch detection.
Even when an exception occurs, temporary files created during KDB exports are now deleted immediately.
Improved behavior on Unix-like systems when the operating system does not grant KeePass access to the temporary directory.
Improved critical sections that are not supposed to be re-entered by the same thread.
Improved secure desktop name generation.
When a dialog is closed, references within the global client image list to controls (event handlers) are removed now.
.NET 4.5 is now preferred, if installed.
PLGX plugins are now preferably compiled using the .NET 4.5 compiler, if KeePass is currently running under the 4.5 CLR.
Updated KB links.
Changed naming of translation files.
The installer now always overwrites the KeePassLibC 1.x support libraries.
Upgraded installer.
Various code optimizations.
Minor other improvements.
Bugfixes:
When locking multiple databases and cancelling a 'Save Changes?' dialog, the UI is now updated correctly.
'&' characters in dynamic menu texts, in dialog banner texts, in image combobox texts, in text box prompts and in tooltips are now displayed properly.
|
|
|
