Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
- Fixes for machine-readable indices. Key expiration times are now read
from self-signatures on the key's UIDs. In addition, instead of 8-digit
key IDs, index entries now return the most specific key ID possible:
16-digit key ID for V3 keys, and the full fingerprint for V4 keys.
- Add metadata information (number of keys, number of files,
checksums, etc) to key dump. This allows for information on the
key dump ahead of download/import, and direct verification of checksums
using md5sum -c <metadata-file>.
- Replaced occurrances of the deprecated operator 'or' with '||' (BB issue #2)
- Upgraded to cryptlib-1.7 and own changes are now packaged as separate
patches that is installed during 'make'. Added the SHA-3 algorithm, Keccak
- Option max_matches was setting max_internal_matches. Fixed (BB issue #4)
- op=hget now supports option=mr for completeness (BB issue #17)
- Add CORS header to web server responses. Allows JavaScript code to
interact with keyservers, for example the OpenPGP.js project.
- Change the default hkp_address and recon_address to making the
default configuration support IPv6. (Requires OCaml 3.11.0 or newer)
- Only use '-warn-error A' if the source is marked as development as per
the version suffix (+) (part of BB Issue #2)
- Reduce logging verbosity for debug level lower than 6 for (i) bad requests,
and (ii) no results found (removal of HTTP headers in log) (BB Issue #13)
- Add additional OIDs for ECC RFC6637 style implementations
(brainpool and secp256k1) (BB Issue #25) and fix issue for 32 bit arches.
- Fix a non-persistent cross-site scripting possibility resulting from
improper input sanitation before writing to client. (BB Issue #26 | CVE-2014-3207)
- Fix X-HKP-Results-Count so that limit=0 returns no results, but include
the header, to let a client poll for how many results exist, without
retrieving any. See:
http://lists.nongnu.org/archive/html/sks-devel/2010-11/msg00015.html
- Add UPGRADING document to explain upgrading Berkeley DB without
rebuilding. System bdb versions often change with new SKS releases
for .deb and .rpm distros.
- Cleanup build errors for bdb/bdb_stubs.c. Patch from Mike Doty
- Update cryptokit from version 1.0 to 1.5 without requiring OASIS
build system or other additional dependencies
- build, fastbuild, & pbuild fixed to ignore signals USR1 and USR2
- common.ml and reconSC.ml were using different values for minumimum
compatible version. This has been fixed.
- Added new server mime-types, and trying another default document (Issue 6)
In addition to the new MIME types added in 1.1.[23], the server now
looks over a list and and serves the first index file that it finds
Current list: index.html, index.htm, index.xhtml, index.xhtm, index.xml.
- options=mr now works on get as well as (v)index operations. This is
described in http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
sections 3.2.1.1. and 5.1.
- Updated copyright notices in source files
- Added sksclient tool, similar to old pksclient
- Add no-cache instructions to HTTP response (in order for reverse proxies
not to cache the output from SKS)
- Use unique timestamps for keydb to reduce occurrances of Ptree corruption.
- Added Interface specifications (.mli files) for modules that were missing
them
- Yaron pruned some no longer needed source files from the tree.
- Improved the HTTP status and HTTP error codes returned for various
situations and added checks for more error conditions.
- Add a suffix to version (+) indicating non-release or development builds
- Add an option to specify the contact details of the server administrator
that shows in the status page of the server. The information is in the
form of an OpenPGP KeyID and set by server_contact: in sksconf
- Add a `sks version` command to provide information on the setup.
- Added configuration settings for the remaining database table files. If
no pagesize settings are in sksconf, SKS will use 2048 bytes for key
and 512 for ptree. The remainining files' pagesize will be set by BDB
based on the filesystem settings, typically this is 4096 bytes.
See sampleConfig/sksconf.typical for settings recommended by db_tuner.
- Makefile: Added distclean target. Dropped autogenerated file from VCS.
- Allow tuning BDB environment before creation in [fast]build and pbuild.
If DB_CONFIG exists in basedir, copy it to DB dir before DB creation.
Preference is given to DB_CONFIG.KDB and DB_CONFIG.PTree over DB_CONFIG.
- Add support for Elliptic Curve Public keys (ECDSA, ECDH)
- Add check if an upload is a revocation certificate, and if it is,
produce an error message tailored for this.
1.1.3
- Makefile fix for 'make dep' if .depend does not exist. Issue #4
- Makefile fix: sks and sks_add_mail fail to link w/o '-ccopt -pg'
Issue #23
- Added -disable_mailsync and -disable_log_diffs to sks.pod
- Added file extensions .css, .jpeg, .htm, .es, .js, .xml, .shtml, .xhtm,
.xhtml and associated MIME types to server code. Part of Issue #6
- Added sample configuration files in sampleConfig directory
- Added sample web page files in sampleWeb directory. Issues #7, 9, 19
- Allow requests for non-official options hget, hash, status, & clean to
be preceded by '-x'. Closes issues #10, 11, 13, & 14.
- Allow &search with long subkey ID (16 digit) and subkey fingerprint
subkey lookup was failing with other than a short key ID. However,
public key lookup was working with short and long key ID and fingerprints.
This patch makes subkey lookup behave the same as full key lookup.
http://lists.gnupg.org/pipermail/gnupg-users/2012-January/043495.html
- Patch recon script so that POST includes HTTP version number.
decentralized, and highly reliable synchronization. That means that a key
submitted to one SKS server will quickly be distributed to all key servers,
and even wildly out-of-date servers, or servers that experience spotty
connectivity, can fully synchronize with rest of the system.
