The new bugfix releases for supported versions of django CMS are out. They contain a lot of small (and some not so small) fixes ranging from frontend glitches to better Django 1.8 support. All users of django CMS 3.1x and 3.0.x are encouraged to upgrade.
Update HOMEPAGE. Set LICENSE.
0.28 2013/06/21
* No significant change. Maintenance purpose only.
0.27 2010/08/12
* Adding Camellia defined in RFC 5581.
"Stefan H. Holek" <stefan>
* Notation name is always text.
Risko Gergely <gergely>
install new bash completion files, given a lack of pkgsrc doctrine for
where they go.
New in 0.15.0; 2015-05-11
* new card drivers
AzeDIT 3.5
IsoApplet
MaskTech
* libopensc
allow extended length APDUs
accept no output for 'SELECT' MF and 'SELECT' DF_NAME APDUs
fixed sc_driver_version check
adjusted send/receive size accoriding to card capabilities
in iso7816 make SELECT agnosting to sc_path_t's aid
* asn1
support multi-bytes tags
* pkcs15
reviewed support and tool functions for public key
public certs and pubkeys with an auth_id are treated as private
* pkcs11
introduced default PKCS#11 provider
fetched real value of CKA_LOCAL for pubkey
removed inconsistent attributes
C_Digest issues
no check if buffer too small before update
* added support for Travis CI
* updated support of EC in libopensc, pkcs15 and pkcs11
* fixed number of warnings, resource leaks, overity-scan issues
* macosx
target minimum OSX version to 10.7
update the minimal building instructions.
locate and target the latest SDK to build against.
locate the best newest SDK present on the computer.
* build
disable Secure Messaging if OpenSSL is not used
* tools
util_get_pin helper function
* PIV
Add AES support for PIV General Authenticate
fixed invalid bit when writing PIV certificate object with gzipped certificate
fixed bad caching behavior of PIV PKCS15 emulator
* ePass2003
fixed failure due to re-authenticate of secure messaging when card is accessed
by multiple PKCS11 sessions
* MyEID
EC support for MyEID-v4 card
* openpgp
extended options for openpgp-tool
* asepcos
fixed puk handling
* sc-hsm
support for Koblitz curves secp192k1 and secp256k1 (Bitcoin)
improved error detection and reporting in sc-hsm-tool
fixed Lc byte in VERIFY PIN block for PC/SC PIN PAD reader
fix certificate delete bug
* IAS/ECC
fixed PKCS#11 compliance issues
support for Morpho IAS Agent Card
* cardos
overwrite content of deleted private key
* win32
setup improuvement
look & feel
custom actions with card registration
minidriver impouvement
fixed errors and warnings returned by Microsoft quality tool
pin-pad support
New in 0.14.0; 2014-05-31
* new card driver DNIe
* extended existing drivers by support of
Swedish eID card (gemsafeV1)
EstEID 3.5 (mcrd)
* bogus javacard driver removed
* build
return to the standard use of 'autoconf'
CI specific bootstrap script: git commit stamp for the built packages
windows friendly compile settings
fixed a ton of compiler warnings
fence against using EVP_sha256 mech
debian packaging templates
compile without OpenSSL and without SM
enable compiler warnings by default
win32
add 'VarFileInfo' block to version-info
include to MSI package 'openpgp-tool.exe'
'version-info' resource for each target
* macOSX
"graphical uninstaller" to distribution DMG
update package building to modern tools
new tool and SDK paths for OS X 10.8
improved opensc-installer from distribution
osx: target 10.9 (a free upgrade to anyone using 10.6+) from now on
build 'fat' binaries i386
* common
added getpass implementation for non windows
* libopensc
allow for the pin to be entered on the keypad during issuing
introduce 'encoded-content' to the sc_file data
general usage method to allocate generalized time
* minidriver
implemented 'CardChangeAuthenticator', 'CardGetChallenge' and 'CardUnblockPin'
improved management of GUID
use reader pin pad if available and allowed
configuration options for
compose GUID
refuse create container mechanism
add registers file for feitian cards
fixed
return code in 'CardGetContainerInfo'
returned 'tries-left' for blocked card
length of stripped data in RSADecrypt
* pkcs#11
bind non-recognized card, generic 'init-token' procedure
fixed
CKA_VALUE of 'public-key' object
fix ASN1 encoding issues
PIN-NOT-INITIALIZED for the non-user PINs
buffers overflow
segfault due to the undefined 'application-file'
* pkcs15
'direct' public key in PuKDF encoding
implement SPKI public key encoding
include and maintain minidriver framework data: cmap-record, md-flags, GUID, ..
fixed
encoding of 'SubjectPublicKeyInfo'
DER encoding of 'issuer' and 'subject'
PIN validation in 'pkcs15-verify'
public key algorithm
ECC public key encoding
ECC ecpointQ
* pkcs15init
introduce 'max-unblocks' PIN init parameter
keep cert. blob in cert-info data
file 'content' and 'prop-attrs' in the card profile
in profile more AC operations are parsed
fixed
NULL pointer dereference error
NULL 'store-key' handle
ignore if no TokenInfo file to update
set EC pubkey parameters from init data
* reader-pcsc
fixed
implicit pin modification
pin checking when implicitly given
verify/modify pinpad commands
* SM
common SM 'increase-sequence-counter' procedure
move SM APDU procedures to dedicated source file
move SM common crypto procedures to the dedicated library
* doc
documentation for --list-token-slots
* default driver
do not send possibly arbitrary APDU-s to an unknown card.
by default 'default' card driver is disabled
* sc-hsm
Added support for
persistent EC public keys generated from certificate signing requests
token label to be set via C_InitToken or sc-hsm-tool
unblock PIN using C_InitPIN()
initialize EC key params
fixed
bug that prevents a newly generated 2048 key to show up at the PKCS#11 interface
bug when changing SO-PIN with opensc-explorer sc-hsm-tool
memory checking and removed warning
problem deleting CA certificates sc-hsm
public key format returned when generating ECC keys
sc-hsm-tool
better error handling for non-SmartCard-HSM cards
support for DKEK password sharing scheme
threshold scheme parameters to manpage
crash on Windows when --wrap-key frees memory allocated in opensc.dll
* ias
simplify the compute signature operation
* PIV
use SPKI encoding for public key data
extract public key from cert if no object on card
fix
segfault and valgrind issue
gen_key to expect the proper PIV Key references
* CardOS
build for Windows
use information from AlgorithmInfo
supported CardOS V5.0
* epass2003
key generation allows stricter privkey/pubkey ACLs
list_files implemented
properly disable padding
allow exponents other than 65537
* myeid
fixed file-id in myeid.profile
* entersafe
fix a bug when writing public key
* EstEID
match card only based on presence of application.
* pteid
do not call the iso7816 driver get_response operation
* myeid
support of EC key is broken
1.4.24 - 7 August 2015, Ludovic ROUSSEAU
- 253 new ATRs
- ATR_analysis: better update of the local cache
1.4.23 - 13 September 2014, Ludovic ROUSSEAU
- 137 new ATRs
1.8.14: Ludovic Rousseau
5 August 2015
- Threading: lock the PC/SC context in a safe way
- Threading: lock the card context in a safe way
- SCardGetStatusChange(): fix card movement rare bug
- Doxygen:
. SCardTransmit() may return SCARD_E_INSUFFICIENT_BUFFER
. SCardEndTransaction() The disposition IS used and the dwDisposition
parameter HAS an effect.
. SCardReconnect() do not release locks
. fix typos
- Move the source code repository from subversion to git
- Use asprintf(3) instead of strlcat(3) and strlcpy(3)
- Allow to use pcscd in a remote session (polkit issue)
- Some other minor improvements and bug corrections
pcsc-lite-1.8.13: Ludovic Rousseau
7 November 2014
- fix a systemd + libudev hotplug bug introduced in version 1.8.12.
The list of readers was not (yet) available just after the start of pcscd
- Make the license more 3-clause BSD like
- fix a rare race condition in the (non default) libusb hotplug
- Some other minor improvements and bug corrections
Lots of people have been using make replace for many years, at least
since 2006. It hasn't been experimental for most of those years, and
there have been no reports of "data loss".
The upstream distribution tries to use qt as a framework, but pkgsrc
provides it as a normal package. This commit comments out the special
case logic in configure that uses "-framework QtCore" on OS X.
(configure.in is patched too, because that's the source file, even
though it's not rebuilt.)
Bitrig uses ELF on amd64 & arm and does not have any legacy dependency on a.out.
Remove if statement to check $MACHINE_ARCH is x86_64 in-order to set $OBJECT_FMT
to ELF, preventing $OBJECT_FMT being set to a.out by mistake.
Reviewed by joerg@
without arguments, strip(1) will attempt to strip all symbols by default,
and when it is unable to do this will fail with a non-zero exit status.
Passing '-u -r' to strip(1) would in theory resolve the issue, but there
is no simple of way of doing this due to the way strip is called by the
native install program through XCode. We would need to build a patched
bsdinstall for Darwin, so for now we just disable stripping on install,
as many packages have had to do individually up until now.
performance improvements on at least OSX and SunOS, where each file is stat'd
rather than just the links we are looking for, especially with large package
directories over NFS.
Database and regexp map functionality is now split into separate packages:
- postfix-cdb
- postfix-ldap
- postfix-lmdb
- postfix-mysql
- postfix-pcre
- postfix-pgsql
- postfix-sqlite
Upstream changelog follows.
Postfix 3.0.2
-------------
No delta against 2.11.6.
Postfix 3.0.1
-------------
- Build error when compiling the Postfix SMTP server with SASL support
but no TLS support.
- The DNS "resource record to text" converter, used for xxx_dns_reply_filter
pattern matching, appended a '.' to TXT record resource values.
- The postscreen(8) manpage specified an incorrect Postfix version number
for the postscreen_dnsbl_timeout parameter.
- The postfix-install script expanded macros in parameter values when
trying to detect parameter overrides, causing unnecessary main.cf updates
during "postfix start" etc.
- Some low-level cleanup of UTF-8 string handling with no visible change
in behavior (besides better performance).
Postfix 3.0.0
-------------
- SMTPUTF8 support for internationalized domain names and address
localparts as defined in RFC 6530 and related documents.
- Support for Postfix dynamically-linked libraries and database plugins.
- An OPT-IN safety net for the selective adoption of new Postfix default
settings. If you do nothing, the old Postfix default settings *should*
remain in effect (complain to your downstream maintainer if that is not
the case).
- Support for operations on multiple lookup tables. The
pipemap:{map1,map2...} database type implements a pipeline of lookup
tables where the result from one lookup table becomes a query for
the next table; the unionmap:{map1,map2,...} database type sends the
their time compiling, and 50% spinning in shell scripts. If you'd rather
spend your power bill on useful gcc cycles though, you might desire to use a
different shell for running build scripts - like pdksh, which is conveniently
available at bootstrap time.
But what if pdksh does this to you?
pdksh -c 'f=`pdksh -c set | wc -l`; f=$((f+1)); while ((f < 100000)); do f=$((f+1)); eval "v_${f}=0"; echo "$f"; done'|tail -1
13106
segmentation fault (core dumped) pdksh -c
Well that's annoying, isn't it.
% echo $(((13106*10+7)/8))
16383
... that's a magical number. Coincidence? Well, no.
tp->nfree = 8*nsize/10; /* table can get 80% full */
This particularly ugly overflow happens because tp->size is a short. When
texpand() does:
p = &ntblp[hash(tblp->name) & (tp->size-1)];
tp->size-1 will, given enough variables (80% of 2^15), type coerce into a
sign-extended 32-bit value of:
info registers $ecx
ecx 0xffff7fff -32769
That hash() function does more or less what you guess, it's a 32 bit unsigned
value. The chances of the final pointer pointing inside the valid allocated
block of memory are very low indeed.
The least-change solution is to change tp->size to a 32 bit value. I've left
it signed because that matches, for example, the size parameter passed to
texpand(). But really this code would be more correct with a liberal
sprinkling of "unsigned", and perhaps a bit of "size_t".
This change allows ffmpeg's configure script, as interpreted by pdksh, to
produce more usable output than a core file.
Bump PKGREVISION for code change.
