Problems found with existing digests:
Package memconf distfile memconf-2.16/memconf.gz
b6f4b736cac388dddc5070670351cf7262aba048 [recorded]
95748686a5ad8144232f4d4abc9bf052721a196f [calculated]
Problems found locating distfiles:
Package dc-tools: missing distfile dc-tools/abs0-dc-burn-netbsd-1.5-0-gae55ec9
Package ipw-firmware: missing distfile ipw2100-fw-1.2.tgz
Package iwi-firmware: missing distfile ipw2200-fw-2.3.tgz
Package nvnet: missing distfile nvnet-netbsd-src-20050620.tgz
Package syslog-ng: missing distfile syslog-ng-3.7.2.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
* Remove backwards compatibility for no-tty mode. Addresses
CVE-2013-4440 (Closes: #725507)
* Fail hard if /dev/urandom and /dev/random are not available.
Addresses CVE-2013-4442 and Launchpad #1183213 (Closes: #767008)
* Fix pwgen -B so that it doesn't accidentally generate passwords with
ambiguous characters after changing the case of some letters.
Addresses Launchpad Bugs #638418 and #1349863
* Fix potential portability bug on architectures where unsgined ints
are not 4 bytes long
Changes: Theodore Ts'o (9): Add .gitignore file Fix pwgen -Bs so that
this option combination works correctly Fix the pwgen -Bc option
combination Fix typo in pwgen man page. Make the -s option imply the -nc
options Add -v option to generate passwords without vowels Update Debian
changelog for 2.06 release Fix debian lintian warning:
debian-rules-ignores-make-clean-error Update Debian Standards-Version to
policy version 3.7.2.2
(I didn't here back from MAINTAINER for a month.)
Changes since 2.04:
* pwgen.1: Fix spelling mistakes in the man page (Addresses Debian
Bug: #323538)
* pwgen.c (main): Fix bug which would cause pwgen to loop forever
if the password length specified is 1.
Adresses PR pkg/34334 by Martin Wilke
Changes since 2.03:
* pw_phonemes.c (pw_phonemes): Allow one or more capital letters
and one or more digits in the generated passwords.
(Addresses Debian Bug: #182595)
* pwgen.1: Explain that human-memorable passwords are vulnerable
to off-line brute force attacks. (Addresses Debian Bug:
#276976)
* pwgen.c, pwgen.h, pw_rand.c, pwgen.1: Make -A and -0 aliases to
--no-capitalize and --no-numerals, and make those options
work when --secure is specified.
* pwgen.c, pwgen.h, pw_rand.c, pw_phonemes.c, pwgen.c: Add support
for the --symbols/-y option, which adds special characters
to the generated password. (Addresses Debian Bug: #154561)
* pwgen.c: Add -H, --sha1 option, to allow computing reproducible
passwords, given a known file, and a known seed.
(ie: pwgen -H ~/my_favourite.mp3#olivier@guerrier.com gives me
a list of possibles passwords for my pop3 account, and I can
ask this list again and again). Feature suggested and
implemented by Olivier Guerrier <olivier@guerrier.com>.
* Fix obvious spelling typo in pwgen.1. (Addresses Debian Bug
#311461)
PR: 30714 by Leonard Schmidt
