Noteworthy changes in version 1.4.5 (2009-12-11)
------------------------------------------------
* Fixed minor memory leak in DSA key generation.
* No more switching to FIPS mode if /proc/version is not readable.
* Fixed a sigill during Padlock detection on old CPUs.
* Fixed a hang on some W2000 machines.
* Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3;
SHA-256 went up by 25%.
Apart from infrastructure changes, there are the following functional ones:
+ Update to version 1.99.14/20091210
+ provide a new netpgp_match_list_keys(3) function to perform a
regular-expression based search of all the keys in the keyring. If no
pattern is specified to match, then all keys are returned.
+ provide a new netpgp_set_homedir(3) function, and use it to set the
home directory from the library, rather than individually in all the
programs which use the library
+ provide a new netpgp_incvar(3) function which will add a constant
increment (which may be negative) to the value of an internal
variable. This is primarily used for the verbosity level within the
library, and is again a movement of the function into the library from
the individual programs which use the library
+ move to the specification of an ssh key file by internal variable,
rather than the directory holding an ssh key file
+ autoconf infrastructure changes
+ take a hammer to the _GNU_SOURCE definitions problems
+ don't rely on strnlen(3) being present everywhere
+ add rudimentary support for ssh keys
+ add a netpgp library function - netpgp_get_key(3) - to print a
specific key
+ add functionality to call this function in netpgpkeys(1)
+ add test for netpgp_get_key
+ add a verbose switch to the tst script
+ add netpgp functions to expose the memory signing and verification
functions - netpgp_sign_memory(3) and netpgp_verify_memory(3)
+ coalesced signing and verification ops file functions
The seccure toolset implements a selection of asymmetric
algorithms based on elliptic curve cryptography (ECC). In
particular it offers public key encryption / decryption,
signature generation / verification and key establishment.
ECC schemes offer a much better key size to security ratio
than classical systems (RSA, DSA). Keys are short enough to
make direct specification of keys on the command line possible
(sometimes this is more convenient than the management of
PGP-like key rings). seccure builds on this feature and
therefore is the tool of choice whenever lightweight
asymmetric cryptography -- independent of key servers,
revocation certificates, the Web of Trust or even
configuration files -- is required.
collection - kudos to Jan Schaumann for pointing it out.
PAM module which permits authentication for arbitrary services
via ssh-agent. Written with sudo in mind, but like any auth
PAM module, can be used for for many purposes.
and "root" user-less platforms.
* replace one bash script shbang (for safe side, may bone shell is sufficient).
* fix PLIST for PR 40993.
add missing entries and back plist vars replaced for Darwin-apple excessively.
Bump PKGREVISION.
On SP initiated logout, the SP x509 certificate was included in the
HTTP redirect URL. First this was an SAML standard violation, and second
it inflated the URL beyond 2038 bytes, which is the maximum length for
IE7 and prior. As a result, SP initated single logout was broken with IE7
and prior versions.
changes:
-Support for the "aes128-ctr", "aes192-ctr", "aes256-ctr" ciphers
-Support for the "arcfour128" cipher
-Fix crash when server sends an invalid SSH_MSG_IGNORE message
1.) Use "hashlib" instead of "sha" module if possible.
2.) Use "subprocess" module instead of os.popen3().
Both changes tested with Python 2.4 and 2.6.
Pkgsrc-related improvements:
1.) Support "user-destdir" installation (no changes required).
2.) Set license to "gnu-gpl-v2".
3.) Reduce patches by recording the fact that the manual page gets
compressed automatically (which "pkgsrc" handles fine) instead
of trying to prevent that.
This is Crypt::ECB, a Perl-only implementation of the ECB mode. In
combination with a block cipher such as DES, IDEA or Blowfish, you can encrypt
and decrypt messages of arbitrarily long length. Though for security reasons
other modes than ECB such as CBC should be preferred. See textbooks on
cryptography if you want to know why.
In addition to this module you will need to install one or more of the
Crypt::DES, Crypt::IDEA, or Crypt::Blowfish modules.
changes:
-bugfixes
-API extensions
-documentation improvement
-The encoding of gpgme_data_t objects can affect the output encoding
of export, sign and encrypt operations now
-Using GPGME_KEYLIST_MODE_LOCAL combined with
GPGME_KEYLIST_MODE_EXTERN is now supported
0.9.0-beta8:
- Include spamhaus_drop.dat in the source distribution. Fix installation
issue (closes#364).
0.9.0-beta7:
- Initial SpamhausDrop plugin implementation, by
Wes Young <wes@barely3am.com> (closes#363)
- Do not discard --root parameters if prefix is absolute.
- Python 2.4 backward compatibility fixes.
- Handle plugin loading error gracefully.
- Improve WormPlugin accuracy, and make it carry a reference to the
initial event. The plugin used to alert when seeing an alert to a
given target, and this same alert going back to the source. This can
happen in a number of case (example: Netbios alert triggered by Snort)
As of now, the plugin will wait for the events to be repeated against
at least 5 differents hosts.
- Dshield CorrelationAlert now handle multiples events. Previously, we
used to generate a single Dshield CorrelationAlert for each events
where the source address would match the Dshield database. The plugin
now generate CorrelationAlert for multiples events received from the
same source.
* Version 2.8.5 (released 2009-11-02)
** libgnutls: In server side when resuming a session do not overwrite the
** initial session data with the resumed session data.
** libgnutls: Fix PKCS#12 encoding.
The error you would get was "The OID is not supported.". Problem
introduced for the v2.8.x branch in 2.7.6.
** guile: Compatibility with guile 2.x.
By Ludovic Courtes <ludovic.courtes@laas.fr>.
** tests: Fix expired cert in chainverify self-test.
** tests: Fix time bomb in chainverify self-test.
Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>.
** API and ABI modifications:
No changes since last version.
