Commit graph

7618 commits

Author SHA1 Message Date
wiz
a7e3cf4059 Update to 2.0.27:
Noteworthy changes in version 2.0.27 (2015-02-18)
-------------------------------------------------

 * gpg: Detect faulty use of --verify on detached signatures.

 * gpg: New import option "keep-ownertrust".

 * gpg: Uses SHA-256 for all signature types also on RSA keys.

 * gpg: Added support for algo names when generating keys using the
   --command-fd method.

 * gpg: Unless --allow-weak-digest-algos is used the insecure MD5
   based fingerprints are shown as all zeroe

 * gpg: Fixed DoS based on bogus and overlong key packets.

 * gpg: Better error reporting for keyserver problems.

 * Fixed several bugs related to bogus keyrings and improved some
   other code.
2015-02-21 09:08:53 +00:00
fhajny
a6b55d6f0e Fix SSL queue handling based on an upstream patch. PKGREVISION++
https://github.com/bumptech/stud/pull/130
2015-02-20 09:32:07 +00:00
joerg
66a22fb17d Recognize evbarm. 2015-02-19 14:25:12 +00:00
wiz
70858bd1fb Update to 0.52:
0.52 - 2016-02-16
 - Skip "grp" records, generated by GPG 2.1; this suppresses "unknown
   record type" warnings
 - Add explicit Fatal dependency; though nominally part of core perl,
   RedHat's perl does not ship with it
 - Ensure that the trustdb is created before attempting to encrypt; gpg2
   requires that it exist, even for commands with --trust-model=always.
   See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751266
2015-02-19 13:18:10 +00:00
joerg
6b680a78b5 Wants qmake for qt detection. 2015-02-18 20:46:48 +00:00
tnn
a84f21ab9f Update to mozilla-rootcerts-20141117.
Added root certs:

C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Secure Server CA - G2
C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign
OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign

Removed root certs:

C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
C=US, O=America Online Inc., CN=America Online Root Certification Authority 2
C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
2015-02-16 13:09:10 +00:00
jperkin
680762de01 Put back implementation of MASTER_SITE_OPENBSD. 2015-02-16 11:03:20 +00:00
rodent
3db7e53778 Source code documentation says that renaming -lcrypt to -lcrypto works on
Darwin. Let's do that instead of removing that library, since it would
involve disabling another CFLAG to function properly. Do the same for
OpenBSD which fixes the build there too. Add options.mk file to enable the
user to choose the libcrack and debug options at build time. Bump
PKGREVISION.
2015-02-16 00:25:45 +00:00
gls
8f8d3e1add Update security/password-store to 1.6.5
Upstream changes:
=================

Release 1.6.5. Changes:
== Features ==
* Support Gpg4win alongside Cygwin

== Bug Fixes ==
* Work around unit tests bug with GnuPG 2.1.0 and 2.1.1
* Manually migrate unit tests keys to GnuPG 2.1 series
* Restore support GnuPG 2.0 series


Release 1.6.4. Changes:
== Features ==
* "add" is an alias of "insert"
* `pass edit` will no longer make a commit if the password does not change
* Symbolic links are now followed
* Remove gpg agent check, due to the auto-starting gpg-agent in GnuPG 2.1

== Bug Fixes ==
* Avoid trailing slash in `pass grep`
* Account for $CLIP_TIME in messages
* revelation2pass, keepassx2pass, and other script improvements
* Fix .gpg extension in tree listings, and preserve colors
* Improved support for getopt on OSX
* Updates for zsh and fish completion autoloading
* Always preserve TTY for pinentry
* Only use encryption subkeys
* Better clip error messages
* No longer use hidden recipients
2015-02-15 18:58:40 +00:00
adam
2f1650ffbe Changes 1.0.2:
Suite B support for TLS 1.2 and DTLS 1.2
Support for DTLS 1.2
TLS automatic EC curve selection.
API to set TLS supported signature algorithms and curves
SSL_CONF configuration API.
TLS Brainpool support.
ALPN support.
CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
2015-02-12 13:08:53 +00:00
jnemeth
21a3461659 sort 2015-02-12 05:09:34 +00:00
agc
7e5a773aa6 Update multigest and libmultigest to version 20150211
+ bring over lint fixes from the version in othersrc
+ document the concat, comb4p, xor and hash combiner functions
2015-02-12 01:57:57 +00:00
adam
edc7180568 Changes 3.2.21:
** libgnutls: Corrected regression introduced in 3.2.19 related to
session renegotiation. Reported by Dan Winship.
** libgnutls: Corrected parsing issue with OCSP responses.
** API and ABI modifications:
No changes since last version.
2015-02-11 11:25:57 +00:00
spz
1c03c2f9fa update of sudo to the next upstream patch version (1.7.10p8 to 1.7.10p9)
Upstream Changelog:

+   The TZ environment variable is now checked for safety instead of
    simply being copied to the environment of the command.
    This fixes a potential security issue.

+   Sudo now only builds Position Independent Executables (PIE) by
    default on Linux systems and verifies that a trivial test program
    builds and runs.

+   On Solaris 11.1 and higher, sudo binaries will now have the ASLR tag
    enabled if supported by the linker.
2015-02-11 09:11:59 +00:00
wiz
28e2a250ef Add a build dependency on py-hgtools.
Seems to be needed, at least sometimes.
2015-02-09 18:55:45 +00:00
nils
7cffaeaa29 add & enable fail2ban 2015-02-09 10:06:48 +00:00
nils
08431a1378 Initial import of security/fail2ban, version 0.9.1, into the NetBSD Packages Collection.
Fail2Ban scans log files like /var/log/pwdfail and bans IP
that makes too many password failures. It updates firewall
rules to reject the IP address. These rules can be defined by
the user. Fail2Ban can read multiple log files such as sshd
or Apache web server ones.
2015-02-09 10:05:25 +00:00
wiz
2f92c4c1de Update to 5.0:
---
5.0
---

* Version numbering is now derived from the code repository tags via `hgtools
  <https://pypi.python.org/pypi/hgtools>`_.
* Build and install now requires setuptools.
2015-02-08 16:38:18 +00:00
agc
0cfaed6376 forcibly disable tools build when running the testing script - found when
testing the src/ version, benign for pkgsrc. ride previous version bump.
2015-02-05 01:28:25 +00:00
agc
804fbc2e4d appease compiler warning police - initialise a variable in case it's otherwise
"used uninitialised". ride previous version bump.
2015-02-05 00:58:02 +00:00
agc
b24a4c3e01 Update netpgpverify (and libnetpgpverify) to version 20150205
+ recognise signatures made by subkeys as well as by primary keys

+ print out the relevant key which signed the file, even if it's
a subkey and not the primary key itself.

+ keep the same API as before

with many thanks to Jonathan Perkin
2015-02-05 00:21:57 +00:00
agc
1d1b6986c4 The test file for the "one key" test has embedded CVS Identifiers, so
work around this.
2015-02-04 17:53:39 +00:00
agc
f5b8aa147a add a minimalist shell script to make a tarball of the sources - requested
by various people.
2015-02-04 17:45:04 +00:00
taca
61f2670d76 Update ruby-sshkit to 1.6.1.
## 1.6.0

  * Fix colorize to use the correct API (@fazibear)
  * Lock colorize (sorry guys) version at >= 0.7.0

## 1.6.0 (Yanked, because of colorize.)

  * Force dependency on colorize v0.6.0
  * Add your entries here, remember to credit yourself however you want to be
    credited!
  * Remove strip from capture to preserve whitespace. Nick Townsend
  * Add vmware_fusion Vagrant provider. Nick Townsend
  * Add some padding to the pretty log formatter

## 1.5.1

  * Use `sudo -u` rather than `sudo su` to switch users. Mat Trudel

## 1.5.0

  * Deprecate background helper - too many badly behaved pseudo-daemons. Lee Hambley
  * Don't colourize unless $stdout is a tty. Lee Hambley
  * Remove out of date "Known Issues" section from README. Lee Hambley
  * Delay variable interpolation inside `as()` block. Nick Townsend
  * Fixes for functional tests under modern Vagrant. Lewis Marshal
  * Fixes for connection pooling. Chris Heald
  * Add `localhost` hostname to local backend. Adam Mckaig
  * Wrap exceptions to include hostname. Brecht Hoflack
  * Remove `shellwords` stdlib dependency Bruno Sutic
  * Remove unused `cooldown` accessor. Bruno Sutic
  * Replace Term::ANSIColor with a lighter solution. Tom Clements
  * Documentation fixes. Matt Brictson

## 1.4.0

https://github.com/capistrano/sshkit/compare/v1.3.0...v1.4.0

  * Removed `invoke` alias for [`SSHKit::Backend::Printer.execute`](https://github.com/capistrano/sshkit/blob/master/lib/sshkit/backends/printer.rb#L20). This is to prevent collisions with
  methods in capistrano with similar names, and to provide a cleaner API. See [capistrano issue 912](https://github.com/capistrano/capistrano/issues/912) and [issue 107](https://github.com/capistrano/sshkit/issues/107) for more details.
  * Connection pooling now uses a thread local to store connection pool, giving each thread its own connection pool. Thank you @mbrictson see [#101](https://github.com/capistrano/sshkit/pull/101) for more.
  * Command map indifferent towards strings and symbols thanks to @thomasfedb see [#91](https://github.com/capistrano/sshkit/pull/91)
  * Moved vagrant wrapper to `support` directory, added ability to run tests with vagrant using ssh. @miry see [#64](https://github.com/capistrano/sshkit/pull/64)
  * Removed unnecessary require `require_relative '../sshkit'` in `lib/sshkit/dsl.rb` prevents warnings thanks @brabic.
  * Doc fixes thanks @seanhandley @vojto
2015-02-04 16:17:47 +00:00
taca
4629de0e8a Update ruby-shadow to 2.4.1.
[2014/12/02]
* Version 2.4.1
  - sp_loginclass support should NOT have been added to password implementation
[2014/12/01]
* Version 2.4.0
  - Add support for sp_loginclass via pwd.h
2015-02-04 16:14:57 +00:00
taca
e7b088b3d1 Update ruby-net-scp to 1.2.1.
=== 1.2.1 / 30 Apr 2014

* Resign gem with new pubkey

=== 1.2.0 / 11 Apr 2014

* Get the error string during download [jkeiser]
2015-02-04 16:11:32 +00:00
taca
1ce21bbb90 Update ruby-net-ssh to 2.9.2.
=== 2.9.2-rc3

* Remove advertised algorithms that were not working (curve25519-sha256@libssh.org) [mfazekas]

=== 2.9.2-rc2

* number_of_password_prompts is now accepted as ssh option, by setting it 0 net-ssh will not ask for password for password auth as with previous versions [mfazekas]

=== 2.9.2-rc1

* Documentation fixes and refactoring to keepalive [detiber, mfazekas]

=== 2.9.2-beta

* Remove advertised algorithms that were not working (ssh-rsa-cert-* *ed25519 acm*-gcm@openssh.com) [mfazekas]
* Unknown algorithms now ignored instead of failed [mfazekas]
* Asks for password with password auth (up to number_of_password_prompts) [mfazekas]
* Removed warnings [amatsuda]

=== 2.9.1 / 13 May 2014

* Fix for unknown response from agent on Windows with 64-bit PuTTY [chrahunt]
* Support negative patterns in host lookup from the SSH config file [nirvdrum]


=== 2.9.0 / 30 Apr 2014

* New ciphers [chr4]
  * Added host keys: ssh-rsa-cert-v01@openssh.com ssh-rsa-cert-v00@openssh.com ssh-ed25519-cert-v01@openssh.com ssh-ed25519
  * Added HMACs: hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com umac-128-etm@openssh.com
  * Added Kex: aes256-gcm@openssh.com aes128-gcm@openssh.com curve25519-sha256@libssh.org
  * Added private key support for id_ed25519
* IdentiesOnly will not disable ssh_agent - fixes #148 and new fix for #137 [mfazekas]
* Ignore errors during ssh agent negotiation [simonswine, jasiek]
* Added an optional "options" argument to test socket open method [jefmathiot]
* Added gem signing (again) with new cert [delano]


=== 2.8.1 / 19 Feb 2014

* Correct location of global known_hosts files [mfischer-zd]
* Fix for password authentication [blackpond, zachlipton, delano]
2015-02-04 16:09:07 +00:00
taca
6f9a0726ec Update ruby-bcrypt to 3.1.10.
3.1.8  Oct 23 2014
  - Add support for Ruby 2.1 in compiled Windows binaries [GH #102]

3.1.9  Oct 23 2014
  - Rebuild corrupt binaries

3.1.10 Jan 28 2015
  - Fix issue with dumping a BCrypt::Password instance to YAML in Ruby 2.2 [GH #107 by @mattwildig]
2015-02-04 16:07:29 +00:00
wiz
56343eddac Update to 2.012. Depend on p5-Mozilla-CA.
2.012 2014/02/02
- fix t/ocsp.t in case no HTTP::Tiny is installed
2.011 2014/02/01
- fix t/ocsp.t - don't count on revoked.grc.com using OCSP stapling #101855
- added option 'purpose' to Utils::CERT_create to get better control of the
  certificates purpose. Default is 'server,client' for non-CA (contrary to
  only 'server' before)
- removed RC4 from default cipher suites on the server site
  https://github.com/noxxi/p5-io-socket-ssl/issues/22
- refactoring of some tests using Test::More thanks to Sweet-kid and the
  2015 Pull Request Challenge
2015-02-04 12:19:07 +00:00
agc
ada62f45b2 Update netpgpverify, and libnetpgpverify, to 20150204
+ dump the huge output to /dev/null so that we can see what's
happening with the other tests in testit.sh

+ fix from jperkin@, don't try to be clever when selecting the only
key id in a keyring

+ add a test for single key (non-ssh) pubring
2015-02-03 21:36:48 +00:00
agc
e5416534d1 Update netpgpverify, and libnetpgpverify, to 20150204
+ dump the huge output in testing script to /dev/null so that we can
see what's happening with the other tests in testit.sh

+ fix from jperkin@, don't try to be clever when selecting the only
key id in a keyring

+ add a test for single key (non-ssh) pubring
2015-02-03 21:34:57 +00:00
agc
5461aea2cb Update netpgpverify, and libnetpgpverify, to 20150203
+ portability fixes to make netpgpverify build on freebsd 10.1 with WARNS=5

+ fixed an oversight in the testit.sh script
2015-02-03 21:13:17 +00:00
wiz
536213f713 Update to 4.1:
4.1
---

* Added preliminary support for loading keyring backends through ``setuptools
  entry points``, specifically "keyring backends".
2015-02-01 19:51:37 +00:00
wiz
88db27cfbf Update to 1.18:
Noteworthy changes in version 1.18 (2015-01-26) [C14/A14/R0]
-----------------------------------------------

 * New translations for Hungarian, Portuguese, Russian, and
   traditional Chinese.  Updated other translations.

 * New error codes.

 * Interface changes relative to the 1.17 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 GPG_ERR_FORBIDDEN                NEW.
 GPG_ERR_OBJ_TERM_STATE           NEW.
 GPG_ERR_REQUEST_TOO_SHORT        NEW.
 GPG_ERR_REQUEST_TOO_LONG         NEW.
 GPG_ERR_LEGACY_KEY               NEW.
2015-02-01 19:49:38 +00:00
obache
07f5a526c0 Revert "Define and use MASTER_SITE_OPENBSD.",
proposed/discussed is required for such changes.
2015-02-01 09:07:40 +00:00
agc
d5812ef86c allow the keyring to be set on the command line in the chk.sh script
this syncs with sources under src/crypto
2015-01-31 22:00:55 +00:00
agc
cd0b62f435 Missed file in previous - sync with reality... 2015-01-30 18:55:01 +00:00
agc
9f4436de94 Update to version 20150115.
This version includes support for the '-c dump' command, which dumps
the contents of all PGP packets to stdout.  Note that since we're
verifying, no private keys are involved.
2015-01-30 18:47:50 +00:00
jperkin
805047afbd Fix typo in previous. 2015-01-27 13:54:10 +00:00
jperkin
e31292423f Ensure we call the full path to the script. Bump PKGREVISION. 2015-01-27 13:53:06 +00:00
sevan
586c550bac On Darwin define BIND_8_COMPAT to resolve build issue as dsniff utilises the
BIND8 API, not the v9 API.

Closes PR pkg/39062
Reviewed by wiz@
2015-01-26 16:05:04 +00:00
joerg
5c69f67011 For clang, don't use the rotate inline asm, but expect the compiler to
generate optimal code.
2015-01-25 13:13:51 +00:00
wiz
f14da50ce3 Update to 1.68:
1.68 2015-01-24
     Fixed a problem on OSX when macports openssl 1.x is installed: headers from
     macport were found but older OSX openssl libraries were linked, resulting
     in "Symbol not found: _EVP_MD_do_all_sorted".
     Added notes about runtime error "no OPENSSL_Applink", when calling
     Net::SSLeay::P_PKCS12_load_file.
2015-01-25 11:58:41 +00:00
joerg
ab75586cc9 Not MAKE_JOBS_SAFE. 2015-01-23 15:09:26 +00:00
obache
c811308510 simplify MASTER_SITES subdirectory. 2015-01-23 06:22:20 +00:00
jaapb
714f854d4d Revbump associated with update of lang/ocaml. 2015-01-20 14:24:34 +00:00
wiz
a8a2723794 Update to 2.010:
2.010 2014/01/14
- new options SSL_client_ca_file and SSL_client_ca to let the server send
  the list of acceptable CAs for the client certificate.
- t/protocol_version.t - fix in case SSLv3 is not supported in Net::SSLeay.
  RT#101485, thanks to TEAM.
2015-01-18 18:58:17 +00:00
wiz
906c52359f Update to 1.67:
1.67 2015-01-17
     Improvements to inc/Module/Install/PRIVATE/Net/SSLeay.pm to handle the
     case when there are multiple OPENSSLs installed. Patch from HBRAND
     Fixed a documentation error in get_peer_cert_chain, reported by tejas.
     Fixed a problem with building on Windows that prevented correct OpenSSL
     directory detection with version 1.0.1j as delivered with Shining Light OpenSSL.
     Fixed a problem with building on Windows that prevented finding MT or MD
     versions of SSL libraries.
     Updated doc in README.Win32 to build with Microsoft Visual Studio 2010 Express.
     Added Windows crypt32 library to Windows linking as some compilers/platforms seem to
     require it and it is innocuous otherwise. For Steve Hay.
     Fixed a failure in t/external/20_cert_chain.t where some platforms do not
     have HTTPS in /etc/services. Reported and patched by Gisle Aas.
     Recent 1.0.2 betas have dropped the SSLv3_method function.
     This patch leaves out the function on newer versions, much the same as
     the SSLv2 deprecation is handled. Patch from Tom Molesworth.
     Fix the ALPN test, which was incorrectly failing on OpenSSL due to the
     LibreSSL check (earlier versions bailed out before that line). Patch from
     Tom Molesworth.
2015-01-18 18:56:43 +00:00
wiz
079b2bfb97 Update to 0.7.2:
0.7.2 - 2015-01-16
~~~~~~~~~~~~~~~~~~

* Updated Windows wheels to be compiled against OpenSSL 1.0.1l.
* ``enum34`` is no longer installed on Python 3.4, where it is included in
  the standard library.
* Added a new function to the OpenSSL bindings to support additional
  functionality in pyOpenSSL.
2015-01-18 17:25:39 +00:00
wiz
1d580201bf Fix startup script. Bump PKGREVISION. From ISIHARA Takanori.
(Ooops, what happened here.)
2015-01-17 18:43:15 +00:00