Commit graph

6478 commits

Author SHA1 Message Date
pettai
c4d660f807 Added otptool 2012-11-10 22:16:40 +00:00
pettai
e2b79459a5 Otptool is a client utility for two-factor authentication using one-time
passwords (OTP) generated via the HOTP/OATH algorithm defined in RFC 4226.
2012-11-10 22:13:47 +00:00
pettai
27662afe78 Version 1.8.2 (released 2012-10-17)
* Add udev rules files to packed distribution.

Version 1.8.1 (released 2012-10-17)

* Memory leak fixes and potential crash fixes in osx backend.
* Error reporting fixes in osx backend, reporting correct errors and
  better errors.
* Provide another new udev permissions file that works on udev version
  greater than 188. Autodetects from configure which to use.
* Add new binary ykinfo, can be used to get serial number, version and
  touch level from a YubiKey.

Version 1.8.0 (released 2012-09-28)

* Added ./configure --enable-gcc-warnings to enable a lot of warnings.
* Added Continuous integration at travis-ci
  (http://travis-ci.org/#!/Yubico/yubikey-personalization)
* Added yk_challenge_response() function for doing challenge response
  with a key.
* Fixed functions for NDEF writing, adding:
  ykp_ndef_alloc(), ykp_ndef_free() and ykp_set_ndef_access_code()
  also providing compatible name YK_NDEF in ykcore.h and exporting
  yk_write_ndef() there.
  Change return values from ndef_construct_*() functions to make them
  consistent with the rest of the library.
* Fixed a crash bug when the library was called from different threads.
* Check return code from libusb_init() so we avoid crashing there.
  Also use a usb context instead of relying on default.
* Fix numerous warnings.
* Fix compilation in MSVC2010.

Version 1.7.0 (released 2012-06-07)

* Add support for new features in YubiKey 2.3:
  ALLOW_UPDATE flag that allows updating of configuration in slots.
  Update command (-u) to do update of existing config.
  Swap command (-x) to swap contents of two updatable slots
  DORMANT flag that's settable/removable if ALLOW_UPDATE is set
  USE_NUMERIC_KEYPAD flag for sending the OATH OTP using keypad scan codes
  instead
  FAST_TRIG flag for faster triggering of slot one if slot two is empty
* Change the library around some to make the 2.3 features available.
  Use ykp_alloc() instead of ykp_create_config().
  Use ykp_configure_version() instead of ykp_configure_for() to set the version.
  Use ykp_configure_command() instead of ykp_configure_for() to set slot.
  Use yk_write_command() instead of yk_write_config().
  The new commands don't set any default configuration at all.
* Add library support for the YubiKey NEO beta
  ykp_construct_ndef_uri() for preparing a URI to write.
  ykp_construct_ndef_text() for preparing a text to write.
  yk_write_ndef() to write the constructed NDEF.
* Add support for the YubiKey NEO beta
  Writing NDEF URI with -n http://example.com/foo/
  Writing NDEF Text record with -t example
2012-11-10 20:53:43 +00:00
pettai
b2d6eba1b3 Version 2.9 (released 2012-08-07)
* Compatibility with curl versions before 7.20.
* Fix signature checking on ARM (at least).
2012-11-10 19:17:26 +00:00
pettai
e7955062af Version 1.12.6 (released 2012-09-04)
* liboath: The usersfile is now fflush'ed and fsync'ed.
* liboath: A memory leak fixed.
* oathtool: The --counter parameter now works on 32-bit platforms.
* API and ABI is backwards compatible with the previous version.
  OATH_FILE_FLUSH_ERROR: Added.
  OATH_FILE_SYNC_ERROR: Added.
  OATH_FILE_CLOSE_ERROR: Added.
  OATH_LAST_ERROR: Added.

Version 1.12.5 (released 2012-08-19)

* oathtool: The --counter parameter now supports larger values.
  Before it used an 'int' type and now it uses a 'longlong' type.
  Needed for eSecuTech tokens as they use a 64-bit value for their
  initial counter. see <https://savannah.nongnu.org/support/?108114>.
* Added gnulib self-tests.
* API and ABI is backwards compatible with the previous version.

Version 1.12.4 (released 2012-06-17)

* liboath: Usersfile code handles multiple lines for a single user.
  This can be used when a single user carries multiple tokens (with
  different OATH secrets) and any of them should be permitted.
* API and ABI is backwards compatible with the previous version.

Version 1.12.3 (released 2012-05-31)

* pam_oath: Fix "try_first_pass".
* API and ABI is backwards compatible with the previous version.

Version 1.12.2 (released 2012-04-04)

* liboath: usersfile function now works on FreeBSD.
* tests: liboath usersfile self-test is skipped if there is no datefudge.
* API and ABI is backwards compatible with the previous version.

Version 1.12.1 (released 2012-04-01)

* liboath, oathtool: Base32 decoding now permit lowercase characters.
* API and ABI is backwards compatible with the previous version.

Version 1.12.0 (released 2012-04-01)

* oathtool: Added --base32 parameter to decode base32 keys.
* oathtool: Verbose output (-v) now print key data in base32 format too.
* liboath: Added base32 functions.  Added hex encoding function.
  The new APIs are oath_bin2hex, oath_base32_decode, and
  oath_base32_encode.
* liboath: Gnulib's snprintf is used for better portability.
  The system snprintf is known to have bugs on some systems, see the
  Gnulib manual for more information.
* API and ABI is backwards compatible with the previous version.
  oath_bin2hex: New function.
  oath_base32_decode: New function.
  oath_base32_encode: New function.
  OATH_INVALID_BASE32: New error code.
  OATH_BASE32_OVERFLOW: New error code.
  OATH_MALLOC_ERROR: New error code.
2012-11-10 18:07:44 +00:00
pettai
d6a6f48e00 1.1.4
  - Fix X-HKP-Results-Count so that limit=0 returns no results, but include
    the header, to let a client poll for how many results exist, without
    retrieving any. See:
    http://lists.nongnu.org/archive/html/sks-devel/2010-11/msg00015.html
  - Add UPGRADING document to explain upgrading Berkeley DB without
    rebuilding. System bdb versions often change with new SKS releases
    for .deb and .rpm distros.
  - Cleanup build errors for bdb/bdb_stubs.c. Patch from Mike Doty
  - Update cryptokit from version 1.0 to 1.5 without requiring OASIS
    build system or other additional dependencies
  - build, fastbuild, & pbuild fixed to ignore signals USR1 and USR2
  - common.ml and reconSC.ml were using different values for minimum
    compatible version. This has been fixed.
  - Added new server mime-types, and trying another default document (Issue 6)
    In addition to the new MIME types added in 1.1.[23], the server now
    looks over a list and serves the first index file that it finds
    Current list: index.html, index.htm, index.xhtml, index.xhtm, index.xml.
  - options=mr now works on get as well as (v)index operations. This is
    described in http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
    sections 3.2.1.1. and 5.1.
  - Updated copyright notices in source files
  - Added sksclient tool, similar to old pksclient
  - Add no-cache instructions to HTTP response (in order for reverse proxies
    not to cache the output from SKS)
  - Use unique timestamps for keydb to reduce occurrences of Ptree corruption.
  - Added Interface specifications (.mli files) for modules that were missing
    them
  - Yaron pruned some no longer needed source files from the tree.
  - Improved the HTTP status and HTTP error codes returned for various
    situations and added checks for more error conditions.
  - Add a suffix to version (+) indicating non-release or development builds
  - Add an option to specify the contact details of the server administrator
    that shows in the status page of the server. The information is in the
    form of an OpenPGP KeyID and set by server_contact: in sksconf
  - Add a `sks version` command to provide information on the setup.
  - Added configuration settings for the remaining database table files. If
    no pagesize settings are in sksconf, SKS will use 2048 bytes for key
    and 512 for ptree. The remaining files' pagesize will be set by BDB
    based on the filesystem settings, typically this is 4096 bytes.
    See sampleConfig/sksconf.typical for settings recommended by db_tuner.
  - Makefile: Added distclean target. Dropped autogenerated file from VCS.
  - Allow tuning BDB environment before creation in [fast]build and pbuild.
    If DB_CONFIG exists in basedir, copy it to DB dir before DB creation.
    Preference is given to DB_CONFIG.KDB and DB_CONFIG.PTree over DB_CONFIG.
  - Add support for Elliptic Curve Public keys (ECDSA, ECDH)
  - Add check if an upload is a revocation certificate, and if it is,
    produce an error message tailored for this.

1.1.3
  - Makefile fix for 'make dep' if .depend does not exist. Issue #4
  - Makefile fix: sks and sks_add_mail fail to link w/o '-ccopt -pg'
    Issue #23
  - Added -disable_mailsync and -disable_log_diffs to sks.pod
  - Added file extensions .css, .jpeg, .htm, .es, .js, .xml, .shtml, .xhtm,
    .xhtml and associated MIME types to server code. Part of Issue #6
  - Added sample configuration files in sampleConfig directory
  - Added sample web page files in sampleWeb directory. Issues #7, 9, 19
  - Allow requests for non-official options hget, hash, status, & clean to
    be preceded by '-x'. Closes issues #10, 11, 13, & 14.
  - Allow &search with long subkey ID (16 digit) and subkey fingerprint
    subkey lookup was failing with other than a short key ID. However,
    public key lookup was working with short and long key ID and fingerprints.
    This patch makes subkey lookup behave the same as full key lookup.
    http://lists.gnupg.org/pipermail/gnupg-users/2012-January/043495.html
  - Patch recon script so that POST includes HTTP version number.
2012-11-10 14:24:44 +00:00
manu
ca97ecb67c Update crudesaml to 1.4: fix build problems 2012-11-08 08:48:13 +00:00
wiz
92fbf519cc Bump PKGREVISION for patch replacements. 2012-11-07 21:07:51 +00:00
wiz
2614709be5 Use upstream version of dlerror() fix. 2012-11-07 21:07:37 +00:00
joerg
013f277f11 Don't use nested functions. Bump revision. 2012-11-07 15:31:23 +00:00
wiz
716803a7ef Remove it-seems-unneeded FreeBSD changes that were long commented out. 2012-11-07 12:24:39 +00:00
wiz
a3b872212d Use just committed upstream change addressing c99 inline semantics. 2012-11-07 12:23:23 +00:00
wiz
a37d57d872 + kpcli 2012-11-07 10:32:44 +00:00
wiz
ea92c07ba9 Import kpcli-1.5 as security/kpcli.
A command line interface (interactive shell) to work with KeePass
1.x and 2.x database files.
2012-11-07 10:32:30 +00:00
wiz
8ebd3f9437 + p5-File-KeePass 2012-11-07 10:24:05 +00:00
wiz
712aed0747 Import p5-File-KeePass-2.03 as security/p5-File-KeePass.
File::KeePass gives access to KeePass version 1 (kdb) and version
2 (kdbx) databases.

The version 1 and version 2 databases are very different in
construction, but the majority of information overlaps and many
algorithms are similar. File::KeePass attempts to iron out as many
of the differences.

File::KeePass gives nearly raw data access. There are a few utility
methods for manipulating groups and entries. More advanced manipulation
can easily be layered on top by other modules.

File::KeePass is only used for reading and writing databases and
for keeping passwords scrambled while in memory. Programs dealing
with UI or using of auto-type features are the domain of other
modules on CPAN. File::KeePass::Agent is one example.
2012-11-07 10:23:32 +00:00
drochner
767dfd0b7f update to 3.0.25
changes:
--bugfixes
-added an OCSP function
2012-11-06 19:01:36 +00:00
abs
3b78db0719 Add .include "../../devel/zlib/buildlink3.mk"
Needed on at least CentOS 6.3
2012-11-05 15:03:14 +00:00
pettai
4aa6a4c864 Added py-Des 2012-11-04 21:58:29 +00:00
pettai
b528341ccd This is a pure python implementation of the DES encryption algorithm.
It is in pure python to avoid portability issues, since most DES
implementations are programmed in C (for performance reasons).

Triple DES class is also implemented, utilising the DES base. Triple DES
is either DES-EDE3 with a 24 byte key, or DES-EDE2 with a 16 byte key.
See the "About triple DES" section below for more info on this algorithm.

The code below is not written for speed or performance, so not for those
needing a fast des implementation, but rather a handy portable solution
ideal for small usage.
2012-11-04 21:57:11 +00:00
joerg
323960c934 Don't order function pointers directly. Don't use non-literals as format
strings. Fix return type of intermediate used for return value of
wcrtomb.
2012-11-01 19:32:44 +00:00
wiz
8d33bfd93c Update HOMEPAGE, from diro@nixsyspaus.org in PR 47148. 2012-10-31 22:45:47 +00:00
wen
6acdcf18fb Update to 2.31
Upstream changes:
2.31    Tue Oct 30 07:03:40 EDT 2012
	- Fixes to regular expressions to avoid rare failures to
          correctly strip padding in decoded messages.
        - Add padding type = "none".
        - Both fixes contributed by Bas van Sisseren.
2012-10-30 14:35:37 +00:00
markd
9866bf5db7 Update to 0.4.3
4+ years worth of patches.
2012-10-28 02:00:50 +00:00
wiz
44cbb90d8b + KeePass. 2012-10-27 22:19:01 +00:00
wiz
8a9de37b40 Import KeePass-2.20.1 as security/KeePass.
Today you need to remember many passwords. You need a password for
the Windows network logon, your e-mail account, your website's FTP
password, online passwords (like website member account), etc. etc.
etc. The list is endless. Also, you should use different passwords
for each account. Because if you use only one password everywhere
and someone gets this password you have a problem... A serious
problem. The thief would have access to your e-mail account, website,
etc. Unimaginable.

KeePass is a free open source password manager, which helps you to
manage your passwords in a secure way. You can put all your passwords
in one database, which is locked with one master key or a key file.
So you only have to remember one single master password or select
the key file to unlock the whole database. The databases are
encrypted using the best and most secure encryption algorithms
currently known (AES and Twofish).
2012-10-27 22:18:50 +00:00
wiz
f531cf3fcd Add comments to patches. 2012-10-27 17:39:12 +00:00
joerg
eaf5600a7b Use void for a few functions that need it. 2012-10-26 20:24:19 +00:00
joerg
f96e4c6b58 Allow unprivileged build on NetBSD, if bind is in base. 2012-10-24 16:05:15 +00:00
manu
756fd1358b Restore opensc-pkcs11.so functionality on NetBSD-6.0. libpthread shall
not be loaded by dlopen(), therefore we remove the useless dependency on
-lpthread
2012-10-24 09:01:40 +00:00
manu
7edb0c3452 Restore opensc-pkcs11.so functionality on NetBSD-6.0. libpthread shall
not be loaded by dlopen(), therefore we remove the useless dependency on
-lpthread
2012-10-24 08:33:51 +00:00
asau
40b91e7ab9 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
manu
ff862ac29f Upgrade to lasso 2.3.6 in order to completely fix the libxml 2.9 dependency
ChangeLog Since 2.3.5:
 * fix a bug when receiving a signature using the InclusiveNamespaces
   PrefixList by copying namespace declaration from upper level at the level of
   the signed node.
 * fix compilation warning on recent version of GCC
2012-10-23 18:16:15 +00:00
schmonz
8f0dc12cf1 Restore INSTALLATION_DIRS and krb5.buildlink3.mk, lost in previous.
Indent while here.
2012-10-23 13:02:08 +00:00
elric
724dd1746f Update to knc 1.7. 2012-10-23 06:04:28 +00:00
wiz
2bcdfec626 Update to 1.49:
1.49 2012-09-25
     Fixed problem where on some platforms test t/local/07_tcpecho.t would
     bail out if it could not bind port 1212. Now tries a number of ports to bind to until
     successful.
     Improvements to  unsigned casting contributed by Reini Urban.
     Improvements to Net::SSLeay::read to make it easier to use with non-blocking IO:
      contributed by James Marshall:  It modifies
      Net::SSLeay::read() to return the result from SSL_read() as the second
      return value, if Net::SSLeay::read() is called in list context.  Its
      behavior should be unchanged if called in scalar or void context.  This
      result code seems to be required for full support of non-blocking I/O,
      since users need to handle SSL_ERR_WANT_READ, SSL_ERROR_WANT_WRITE, etc.
      Fixed a problem where t/local/kwalitee.t fails with
       Module::CPANTS::Analyse 0.86. Patch from Paul.
      Fixed a number of typos patched by Giles.
      Fixed a compiler warning from Compiling with gcc-4.4 and -Wall, patched by Giles.
      Fixed problems with get_https4: documentation was wrong, $header_ref was
       not correctly set and $server_cert was not returned.
      Fixed a problem that could cause a Perl exception about no blength
      method on undef. Reported by "Stephen J. Smith via RT". https://rt.cpan.org/Ticket/Display.html?id=79309
      Added documentation about how to mitigate various SSL/TLS
     vulnerabilities.
     Fixed problem reported by Mike Doherty: SSL_MODE_* are defined in ssl.h,
     and should be available as constants, but I do not see them listed in constants.h
2012-10-21 22:28:16 +00:00
wiz
63d4534896 Update to 20120823. Replace interpreter in installed file.
20120823
  - Fix test (RT#79129, reported by Sinan Unur)

20120822
  - Add mk-ca-bundle.pl from git repository to distribution.
  - Add new/additional certificates from the following CAs: Verisign,
    UTN-USER, UTN USERFirst, Sonera, NetLock Qualified, SwissSign
    Platinum, S-TRUST, ComSign, Actalis, Trustis, StartCom, Buypass.
2012-10-21 22:25:19 +00:00
wiz
baa31dc007 Update to 1.77:
v1.77 2012.10.05
- update_peer for IPv6 also, applied fix to
  https://rt.cpan.org/Ticket/Display.html?id=79916 by
  tlhackque[AT]yahoo[DOT]com
2012-10-21 22:22:36 +00:00
wiz
40d3c54b03 Update to 5.72:
5.72  Mon Sep 24 15:22:08 MST 2012
	- adjusted module installation directory for later Perls
		-- As of 5.11 Perl searches 'site' first, so use that
			-- ref. INSTALLDIRS in Makefile.PL
		-- thanks to Robert Sedlacek for patch
2012-10-21 22:20:40 +00:00
wiz
216ba55f22 Update to 0.64:
0.64 2012-08-06 01:23:30

- Drastically simplify Makefile.PL to resolve RT bugs #61249, #61324,
  #63553, #68208, and #68084.

- Forgot to update Changes for 0.63, so this version overrides that.


0.61_05 2012-08-04 00:40:22 UTC

- Trying to distinguish between good vs bad zero returns from underlying
  SSL_read/SSL_write broke stuff (see RT bug #78695). Revert to previous
  behavior.

- Completely re-organize Makefile.PL. I hope these changes will help take
  care of RT bugs #61324, #61249, #63553, and #68084 etc. This is not
  necessarily finished, but I want to see what happens on CPAN Testers at
  this point before making a few other minor changes.

0.60 2012-07-29 21:43:47 UTC

- Release 0.59_03 as 0.60 so distributions can pick up various fixes. The most
  important one seems to be bug RT #70565. This should take care of bug RT
  #77167

- SSL_read and SSL_write now try to handle incomplete reads/writes (see bug
  RT #64054). The current test suite is not very comprehensive, so caution
  is recommended at this point. Also, if you have good test cases, I would love
  to incorporate them into the distribution.

0.59_03 2012-03-10 00:45:28 UTC

- Bump version number and upload to CPAN.


0.59_02 2012-03-08 16:16:03 UTC

- Forgot to update Changes for 0.59_01. The following is a combined list of
  the more important fixes incorporated in both.

- Bug RT #64054: Handle incomplete reads/writes better

- Bug RT #73754: Add LWP::Protocol::https to PREREQ_PM

- Bug RT #73755: Crypt-SSLeay does not verify hosts (yet). Don't let that
  cause a failure during tests.

- Streamline t/02-live.t using Try::Tiny and done_testing

- Plus assorted related small changes.

0.58_01 2010-09-08 19:11:39 UTC

- L<text|scheme:...> is not supported in POD for 5.8.5 and earlier.
- TODOs in POD should stand out
- Add /boot/common/ssl and some other directories to unix_ssl_dirs (see bug
  #60936).
2012-10-21 22:19:14 +00:00
wiz
d4a974c4db Update to 0.13:
0.13
Updated the WRITE() method to use syswrite() and account for
variable buffer sizes in SASL.
2012-10-21 22:16:43 +00:00
wiz
61869bb86f Update to 2.16:
Authen-SASL 2.16 -- Tue Sep  4 11:01:18 CDT 2012

  * SASL.pod: fix typo [Peter Marschall]
  * Perl.pm: avoid warning on "uninitialized value" [Peter Marschall]
2012-10-21 22:14:51 +00:00
wen
ab9ceeb5f9 Update to 0.14
Upstream changes:
0.14  October 16, 2012
	- compiling with -Werror=format-security now works (Jerome Quelin, #48446)
	- Use Digest::SHA instead of Digest::SHA1 (Ansgar Burchardt, #60271)
	- Security fix, CVE-2009-0129: Missing error check in do_verify (Havard Eidnes, #79958)
2012-10-20 14:25:58 +00:00
pettai
1c3d937865 Added scrypt 2012-10-17 22:18:56 +00:00
pettai
2281e8547b A simple password-based encryption utility is available as a demonstration
of the scrypt key derivation function. On modern hardware and with default
parameters, the cost of cracking the password on a file encrypted by scrypt
enc is approximately 100 billion times more than the cost of cracking the
same password on a file encrypted by openssl enc; this means that a five-
character password using scrypt is stronger than a ten-character password
using openssl
2012-10-17 22:17:47 +00:00
adam
e871bbb82b MASTER_SITES fix 2012-10-12 15:37:12 +00:00
marino
1b71fe7899 security/qoauth: Fix DISTNAME and thus fetch
As soon as qoauth got PKGREV bump, this package could no longer fetch due
to a bad DISTNAME definition.  Fix DISTNAME to fix "make fetch".
2012-10-12 11:06:59 +00:00
marino
da604f2b06 security/mit-krb5: Fix build for gcc 4.7
Generated file didn't pass -Werror check on gcc4.7.  The problem is
well-known and already fixed on the current version of mit-krb5.  The
patch added here was taken from upstream.

No revbump necessary, won't change binary on systems that already built it.
2012-10-12 08:06:25 +00:00
drochner
e02daaded0 update to 3.0.24
changes:
-better IPv6 support
-bugfixes
-minor improvements
2012-10-10 11:44:30 +00:00
adam
ed93f0ca47 Revbump after updating graphics/pango 2012-10-08 23:00:34 +00:00