19.2.0:
Backward-incompatible changes:
- Python 3.4 is not supported anymore.
It has been unsupported by the Python core team for a while now and its PyPI downloads are negligible.
It's very unlikely that ``argon2-cffi`` will break under 3.4 anytime soon, but we don't test it and don't ship binary wheels for it anymore.
Changes:
- The dependency on ``enum34`` is now protected using a PEP 508 marker.
This fixes problems when the sdist is handled by a different interpreter version than the one running it.
Go implementation of the 64-bit xxHash algorithm (XXH64).
This implementation provides a fast pure-Go implementation
and an even faster assembly implementation for amd64.
The libSTARK library implements scalable and transparent argument of
knowledge (STARK) systems. These systems can be executed with, or
without, zero knowledge (ZK), and may be designed as either
interactive or non-interactive protocols. The theoretical
constructions which this library implements are described in detail in
the zk-STARK paper:
Scalable, transparent, and post-quantum secure computational integrity
Eli Ben-Sasson and Iddo Bentov and Yinon Horesh and Michael Riabzev
https://eprint.iacr.org/2018/046
Last update in 2009, homepage not reachable; only builds with php-5.6
but one of it's dependencies is per default built against a newer php,
so this can't even build.
doas is a port of OpenBSD's doas which runs on FreeBSD, Linux and
NetBSD.
The doas utility is a program originally written for OpenBSD which
allows a user to run a command as though they were another
user. Typically doas is used to allow non-privleged users to run
commands as though they were the root user. The doas program acts as
an alternative to sudo, which is a popular method in the Linux
community for granting admin access to specific users.
The doas program offers two benefits over sudo: its configuration file
has a simple syntax and it is smaller, requiring less effort to audit
the code. This makes it harder for both admins and coders to make
mistakes that potentially open security holes in the system.
X - Certificate and Key management
This application is intended for creating and managing X.509
certificates, certificate requests, RSA, DSA and EC private keys,
Smartcards and CRLs. Everything that is needed for a CA is
implemented. All CAs can sign sub-CAs recursively. These certificate
chains are shown clearly. For an easy company-wide use there are
customiseable templates that can be used for certificate or request
generation.
All cryptographic data is stored in a SQL database. SQLite, MySQL
(MariaDB) and PostgreSQL databases are supported.
Bindings to OpenSSL libssl and libcrypto, plus custom SSH key parsers.
Supports RSA, DSA and EC curves P-256, P-384, P-521, and curve25519.
Cryptographic signatures can either be created and verified manually
or via x509 certificates. AES can be used in cbc, ctr or gcm mode for
symmetric encryption; RSA for asymmetric (public key) encryption or EC
for Diffie Hellman. High-level envelope functions combine RSA and AES
for encrypting arbitrary sized data. Other utilities include key
generators, hash functions (md5, sha1, sha256, etc), base64 encoder, a
secure random number generator, and 'bignum' math methods for manually
performing crypto calculations on large multibyte integers.
Cross-platform utilities for prompting the user for credentials or a
passphrase, for example to authenticate with a server or read a
protected key. Includes native programs for MacOS and Windows, hence
no 'tcltk' is required. Password entry can be invoked in two different
ways: directly from R via the askpass() function, or indirectly as
password-entry back-end for 'ssh-agent' or 'git-credential' via the
SSH_ASKPASS and GIT_ASKPASS environment variables. Thereby the user
can be prompted for credentials or a passphrase if needed when R calls
out to git or ssh.
Distfile does not exist and was not redistributable.
Package was marked BROKEN for this reason for some time.
Newer version available, package could be re-added if someone is interested.
(Last update was 2007.)
0.31.0:
Added
Avoid reprocessing challenges that are already validated when a certificate is issued.
Support for initiating (but not solving end-to-end) TLS-ALPN-01 challenges with the acme module.
Changed
Certbot's official Docker images are now based on Alpine Linux 3.9 rather than 3.7. The new version comes with OpenSSL 1.1.1.
Lexicon-based DNS plugins are now fully compatible with Lexicon 3.x (support on 2.x branch is maintained).
Apache plugin now attempts to configure all VirtualHosts matching requested domain name instead of only a single one when answering the HTTP-01 challenge.
Fixed
Fixed accessing josepy contents through acme.jose when the full acme.jose path is used.
Clarify behavior for deleting certs as part of revocation.
Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was:
acme
certbot
certbot-apache
certbot-dns-cloudxns
certbot-dns-dnsimple
certbot-dns-dnsmadeeasy
certbot-dns-gehirn
certbot-dns-linode
certbot-dns-luadns
certbot-dns-nsone
certbot-dns-ovh
certbot-dns-sakuracloud
More details about these changes can be found on our GitHub repo.
Safely store secrets in a VCS repo (i.e. Git, Mercurial, Subversion or
Perforce). These commands make it easy for you to Gnu Privacy Guard (GPG)
encrypt specific files in a repo so they are "encrypted at rest" in your
repository. However, the scripts make it easy to decrypt them when you need
to view or edit them, and decrypt them for use in production. Originally
written for Puppet, BlackBox now works with any Git or Mercurial repository.
GCR is a library for displaying certificates, and crypto UI, accessing
key stores. It also provides the viewer for crypto files on the GNOME
desktop.
GCK is a library for accessing PKCS#11 modules like smart cards, in a
(G)object oriented way.
trustme is a tiny Python package that does one thing: it gives you a fake
certificate authority (CA) that you can use to generate fake TLS certs to use
in your tests. Well, technically they're real certs, they're just signed by
your CA, which nobody trusts. But you can trust it. Trust me.
Part of PR pkg/52941.
This library provides Reauth support to Google's authentication
libraries for Python. Reauth allows using two-factor authentication for
end-user credentials.
pyu2f is a python based U2F host library for Linux, Windows, and MacOS.
It provides functionality for interacting with a U2F device over USB.
pyu2f uses ctypes to make system calls directly to interface with the
USB HID device. This means that no platform specific shared libraries
need to be compiled for pyu2f to work.
By default pyu2f will use its own U2F stack implementation to sign
requests. If desired, pyu2f can offload signing to a pluggable command
line tool.
Data::Password::passwdqc provides an object oriented Perl interface
to Openwall Project's passwdqc. It allows you to check password
strength and also lets you generate quality controllable random
password.
This library is used to gain direct access to the functions exposed by Daniel
J. Bernstein's nacl library via libsodium. It has been constructed to maintain
extensive documentation on how to use nacl as well as being completely
portable. The file in libnacl/__init__.py can be pulled out and placed directly
in any project to give a single file binding to all of nacl.
The software in this package is a Python module for generating objects that
compute the Cyclic Redundancy Check (CRC). There is no attempt in this package
to explain how the CRC works. There are a number of resources on the web that
give a good explanation of the algorithms.
This package allows the use of any 8, 16, 24, 32, or 64 bit CRC. You can
generate a Python function for the selected polynomial or an instance of the
Crc class which provides the same interface as the md5 and sha modules from the
Python standard library. A Crc class instance can also generate C/C++ source
code that can be used in another application.
Part of PR pkg/52941.
From DESCR:
2fa is a two-factor authentication agent.
"2fa -add name" adds a new key to the 2fa keychain with the given name. It
prints a prompt to standard error and reads a two-factor key from standard
input. Two-factor keys are short case-insensitive strings of letters A-Z and
digits 2-7.
"2fa name" prints a two-factor authentication code from the key with the
given name.
With no arguments, "2fa" prints two-factor authentication codes from all
known time-based keys.
The default time-based authentication codes are derived from a hash of the
key and the current time, so it is important that the system clock have at
least one-minute accuracy.
The keychain is stored unencrypted in the text file "$HOME/.2fa".
AsyncSSH is a Python package which provides an asynchronous client and server
implementation of the SSHv2 protocol on top of the Python 3.4+ asyncio
framework.
scheme.
Hawk lets two parties securely communicate with each other using messages
signed by a shared key. It is based on HTTP MAC access authentication (which
was based on parts of OAuth 1.0).
The Mohawk API is a little different from that of the Node library (i.e. the
living Hawk spec). It was redesigned to be more intuitive to developers, less
prone to security problems, and more Pythonic.
new packages. Most of which are the remaining modules of the Tryton
platform which weren't packaged. The others are dependencies of the new
modules. This was tested on FreeBSD and is based in large part on Richard
Palo's (richard@) work. This is the most recent release of the Tryton
platform, version 4.2. There's a very large list of changes from the 3.8
series we have in pkgsrc. If you're interested, those functional changes
can be found here:
http://www.tryton.org/posts/new-tryton-release-42.htmlhttp://www.tryton.org/posts/new-tryton-release-40.html
These are the perl5 bindings for libnetpgpverify.
These bindings allow OpenPGP (RFC 4880), including PGP and GPG, and
SSH signatures on files and data to be verified.
Python-GSSAPI provides both low-level and high level wrappers around
the GSSAPI C libraries. While it focuses on the Kerberos mechanism,
it should also be useable with other GSSAPI mechanisms.
Python-GSSAPI is composed of two parts: a low-level C-style API which
thinly wraps the underlying RFC 2744 methods, and a high-level,
Pythonic API (which is itself a wrapper around the low-level API).
Examples may be found in the examples directory.
The low-level API lives in gssapi.raw. The methods contained therein
are designed to match closely with the original GSSAPI C methods. All
relevant methods and classes may be imported directly from gssapi.raw.
Extension methods will only be imported if they are present.
The high-level API lives directly under gssapi. The classes contained
in each file are designed to provide a more Pythonic, Object-Oriented
view of GSSAPI. The exceptions from the low-level API, plus several
additional exceptions, live in gssapi.exceptions. The rest of the
classes may be imported directly from gssapi. Only classes are
exported by gssapi - all functions are methods of classes in the
high-level API.
