pkgsrc/security/sks/distinfo

10 lines
460 B
Text
Raw Normal View History

1.1.5 - Fixes for machine-readable indices. Key expiration times are now read from self-signatures on the key's UIDs. In addition, instead of 8-digit key IDs, index entries now return the most specific key ID possible: 16-digit key ID for V3 keys, and the full fingerprint for V4 keys. - Add metadata information (number of keys, number of files, checksums, etc) to key dump. This allows for information on the key dump ahead of download/import, and direct verification of checksums using md5sum -c <metadata-file>. - Replaced occurrances of the deprecated operator 'or' with '||' (BB issue #2) - Upgraded to cryptlib-1.7 and own changes are now packaged as separate patches that is installed during 'make'. Added the SHA-3 algorithm, Keccak - Option max_matches was setting max_internal_matches. Fixed (BB issue #4) - op=hget now supports option=mr for completeness (BB issue #17) - Add CORS header to web server responses. Allows JavaScript code to interact with keyservers, for example the OpenPGP.js project. - Change the default hkp_address and recon_address to making the default configuration support IPv6. (Requires OCaml 3.11.0 or newer) - Only use '-warn-error A' if the source is marked as development as per the version suffix (+) (part of BB Issue #2) - Reduce logging verbosity for debug level lower than 6 for (i) bad requests, and (ii) no results found (removal of HTTP headers in log) (BB Issue #13) - Add additional OIDs for ECC RFC6637 style implementations (brainpool and secp256k1) (BB Issue #25) and fix issue for 32 bit arches. - Fix a non-persistent cross-site scripting possibility resulting from improper input sanitation before writing to client. (BB Issue #26 | CVE-2014-3207)
2014-06-03 10:28:50 +02:00
$NetBSD: distinfo,v 1.4 2014/06/03 08:28:50 pettai Exp $
1.1.5 - Fixes for machine-readable indices. Key expiration times are now read from self-signatures on the key's UIDs. In addition, instead of 8-digit key IDs, index entries now return the most specific key ID possible: 16-digit key ID for V3 keys, and the full fingerprint for V4 keys. - Add metadata information (number of keys, number of files, checksums, etc) to key dump. This allows for information on the key dump ahead of download/import, and direct verification of checksums using md5sum -c <metadata-file>. - Replaced occurrances of the deprecated operator 'or' with '||' (BB issue #2) - Upgraded to cryptlib-1.7 and own changes are now packaged as separate patches that is installed during 'make'. Added the SHA-3 algorithm, Keccak - Option max_matches was setting max_internal_matches. Fixed (BB issue #4) - op=hget now supports option=mr for completeness (BB issue #17) - Add CORS header to web server responses. Allows JavaScript code to interact with keyservers, for example the OpenPGP.js project. - Change the default hkp_address and recon_address to making the default configuration support IPv6. (Requires OCaml 3.11.0 or newer) - Only use '-warn-error A' if the source is marked as development as per the version suffix (+) (part of BB Issue #2) - Reduce logging verbosity for debug level lower than 6 for (i) bad requests, and (ii) no results found (removal of HTTP headers in log) (BB Issue #13) - Add additional OIDs for ECC RFC6637 style implementations (brainpool and secp256k1) (BB Issue #25) and fix issue for 32 bit arches. - Fix a non-persistent cross-site scripting possibility resulting from improper input sanitation before writing to client. (BB Issue #26 | CVE-2014-3207)
2014-06-03 10:28:50 +02:00
SHA1 (sks-1.1.5.tgz) = a353426e99de3fb02bf93b953f574335a9f2a590
RMD160 (sks-1.1.5.tgz) = f47543870313f6bd0868e702849eb717aa045d67
Size (sks-1.1.5.tgz) = 362941 bytes
1.1.4 - Fix X-HKP-Results-Count so that limit=0 returns no results, but include the header, to let a client poll for how many results exist, without retrieving any. See: http://lists.nongnu.org/archive/html/sks-devel/2010-11/msg00015.html - Add UPGRADING document to explain upgrading Berkeley DB without rebuilding. System bdb versions often change with new SKS releases for .deb and .rpm distros. - Cleanup build errors for bdb/bdb_stubs.c. Patch from Mike Doty - Update cryptokit from version 1.0 to 1.5 without requiring OASIS build system or other additional dependencies - build, fastbuild, & pbuild fixed to ignore signals USR1 and USR2 - common.ml and reconSC.ml were using different values for minumimum compatible version. This has been fixed. - Added new server mime-types, and trying another default document (Issue 6) In addition to the new MIME types added in 1.1.[23], the server now looks over a list and and serves the first index file that it finds Current list: index.html, index.htm, index.xhtml, index.xhtm, index.xml. - options=mr now works on get as well as (v)index operations. This is described in http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00 sections 3.2.1.1. and 5.1. - Updated copyright notices in source files - Added sksclient tool, similar to old pksclient - Add no-cache instructions to HTTP response (in order for reverse proxies not to cache the output from SKS) - Use unique timestamps for keydb to reduce occurrances of Ptree corruption. - Added Interface specifications (.mli files) for modules that were missing them - Yaron pruned some no longer needed source files from the tree. - Improved the HTTP status and HTTP error codes returned for various situations and added checks for more error conditions. - Add a suffix to version (+) indicating non-release or development builds - Add an option to specify the contact details of the server administrator that shows in the status page of the server. The information is in the form of an OpenPGP KeyID and set by server_contact: in sksconf - Add a `sks version` command to provide information on the setup. - Added configuration settings for the remaining database table files. If no pagesize settings are in sksconf, SKS will use 2048 bytes for key and 512 for ptree. The remainining files' pagesize will be set by BDB based on the filesystem settings, typically this is 4096 bytes. See sampleConfig/sksconf.typical for settings recommended by db_tuner. - Makefile: Added distclean target. Dropped autogenerated file from VCS. - Allow tuning BDB environment before creation in [fast]build and pbuild. If DB_CONFIG exists in basedir, copy it to DB dir before DB creation. Preference is given to DB_CONFIG.KDB and DB_CONFIG.PTree over DB_CONFIG. - Add support for Elliptic Curve Public keys (ECDSA, ECDH) - Add check if an upload is a revocation certificate, and if it is, produce an error message tailored for this. 1.1.3 - Makefile fix for 'make dep' if .depend does not exist. Issue #4 - Makefile fix: sks and sks_add_mail fail to link w/o '-ccopt -pg' Issue #23 - Added -disable_mailsync and -disable_log_diffs to sks.pod - Added file extensions .css, .jpeg, .htm, .es, .js, .xml, .shtml, .xhtm, .xhtml and associated MIME types to server code. Part of Issue #6 - Added sample configuration files in sampleConfig directory - Added sample web page files in sampleWeb directory. Issues #7, 9, 19 - Allow requests for non-official options hget, hash, status, & clean to be preceded by '-x'. Closes issues #10, 11, 13, & 14. - Allow &search with long subkey ID (16 digit) and subkey fingerprint subkey lookup was failing with other than a short key ID. However, public key lookup was working with short and long key ID and fingerprints. This patch makes subkey lookup behave the same as full key lookup. http://lists.gnupg.org/pipermail/gnupg-users/2012-January/043495.html - Patch recon script so that POST includes HTTP version number.
2012-11-10 15:24:44 +01:00
SHA1 (patch-aa) = 04f74c6f141d71e3b0cd45e68896be93dffd0b7c
SHA1 (patch-ab) = 919846f9c31a89f23430081dbad853d088dcb7e5
SHA1 (patch-ac) = 0fbe22e67681970521ae66ca1903e9e95eda52ad
SHA1 (patch-ad) = f96b913bc7ad6b5bd11a51569fc28ee042b1667c