The libmerkletree library implements Merkle tree calculation, and also
includes some higher-level functions to verify a file against a
previously-generated Merkle tree.
A Merkle tree is a hash tree calculated across blocks in data. Any
block size can be specified in this implementation. A digest is
calculated across each block in the data, and then a digest is
calculated across blocks of the checksums, and this continues until
only one block of digest exists. The hierarchical nature of this
allows individual blocks of a file to be verified, even if other parts
of the file have been modified. A degenerate case, in which the data
is less than the blocksize, will mean that a single digest value for
the block is calculated. This will be the same as the digest
algorithm applied to the whole file.
The digest calculations themselves are done by the libmultigest(3)
library, and allow concatenation of multiple digests to produce a
single large digest value.
The merkletree(1) command performs Merkle tree calculation and
verification on the input data. This allows the establishment of the
block positions (i.e. relative neighbourhood) of any changed data.
libmultigest is a library interface to calculate multiple digests at
the same time, without having to re-scan data. This is to protect
against any single digest algorithm being found to have second
pre-images. Up to 32 digests can be specified on the command line.
The data being used as input to the digest can be modified by using a
regular expression-based substitution operation, so that any Version
Control System identifiers can be normalised before being digested.
If no substitution regular expression is provided, the input data will
be used as-is.
The list of digests provided is:
BLAKE2, CRC32C, MD5, RMD160, SHA1, SHA256, SHA512,
SHA3-224, SHA3-256, SHA3-384, SHA3-512, SIZE,
TIGER, TIGER2, WHIRLPOOL
The multigest utility calculates message digests of files or, if no
file is specified, standard input. The list of possible algorithms is
given in the libmultigest(3) manual page.
The multigest utility is a simple wrapper for the various
different algorithm implementations, , and was designed to be
scalable as new message digest algorithms are developed.
+ Check the correct field in the struct is not NULL in sig_verify_dsa()
+ Move to using our own byte-swapping routines - portability
+ Check for errors in bzlib
+ Bump version number to 20140304
Version 0.6.7
-----------------
Released on February 16, 2014
- Expose app instance in a command commands (manage.app). #83
- Show full help for submanagers if called without arguments. #85
- Fix ShowUrls command conflict. #88
0.9 (2014-02-20)
This release is compatible with webassets 0.9.
flask-assets now support Python 3, and drops support for Python 2.5.
- Support for Flask-S3 (Erik Taubeneck).
- Support latest Flask-Script (Chris Hacken).
** libgnutls: Corrected certificate verification issue (GNUTLS-SA-2014-2)
** libgnutls: Corrected issue in gnutls_pcert_list_import_x509_raw
when provided with invalid data. Reported by Dmitriy Anisimkov.
** libgnutls: Corrected timeout issue in subsequent to the first
DTLS handshakes.
** libgnutls: Removed unconditional not-trusted message in
gnutls_certificate_verification_status_print() when used with
OpenPGP certificates. Reported by Michel Briand.
** libgnutls: All ciphersuites that were available in TLS1.0 or
later are now made available in SSL3.0 or later to prevent
any incompatibilities with servers that negotiate them in SSL 3.0.
** ocsptool: When verifying a response and a signer isn't provided
assume that the signer is the issuer.
** ocsptool: When sending a nonce, verify that the nonce exists
in the OCSP response.
** gnutls-cli: Added --strict-tofu option; contributed by Jens
Lechtenboerger.
** API and ABI modifications:
No changes since last version.
Lib/
* Added ldap.controls.openldap.SearchNoOpControl
* New method ldap.async.AsyncSearchHandler.afterFirstResult()
for doing something right after successfully receiving but before
processing first result
* Better log data written when invoking ldap.LDAPLock.acquire() and
ldap.LDAPLock.release()
* LDAPObject and friends now pass `desc' to ldap.LDAPLock() which
results in better logging
* ldapobject.ReconnectLDAPObject now uses internal class-wide
lock for serializing reconnects
* Method signature of ReconnectLDAPObject.reconnect() changed to be able
to call it with separate retry_max and retry_delay values
Modules/
* Added support for retrieving negotiated TLS version/cipher
with LDAPObject.get_option() with the help of upcoming OpenLDAP libs
It contains the following fixes:
* runtime: fix crash in runtime.GoroutineProfile
* runtime: if traceback sees a breakpoint, don't change the PC
* runtime: fix data race in GC
* net: ignore some errors in windows Accept
* database/sql: Use all connections in pool
