Pkgsrc changes:
+ quieten warnings from gcc 4.5.3 about uninitialised variables
Distribution changes:
SI6 Networks' IPv6 Toolkit v1.4 release
* frag6: Fixed the flooding option
Fixed the fragment size used when employing the flooding option. It was
prevously sending fragment sizes that where not a multiple of eight, and
hence these fragments were dropped.
* scan6: Added support for 64-bit encoding of IPv4 addresses
Option "--tgt-ipv4" was augmented to support both encodings (32 bit
and 64 bit) of embedded IPv4 addresses.
* tcp6: Fixed response to Neighbor Solicitations
tcp6 was not responding to incomming Neighbor Solicitations. Hence, when
packets were sent from spoofed addresses, tcp6 would never receive the
response packets, because the NSs sent by the local router or target node
would never be responded.
* tcp6: Added support for TCP Window-based attacks
tcp6 can now close the window after sending an app-layer command, and
also "modulate" the TCP window to circumvent trivial mitigations for these
attacks ("--window-mode" and "--win-modulate" options).
* tcp6: Support for multiple connection-establishment types
tcp6 can now cause e.g. TCP simultaneous opens (see the "--open-mode"
option).
* tcp6: Support for multiple connection-termination types
tcp6 can now perform multiple connection-termination types (see the
"--close-mode" option).
* tcp6: Support for sending application layer requests
tcp6 can now send application-layer requests with the "--data" option.
* Many improvements to the manual pages.
Fixed the troff encoding of many manual pages. Added ipv6toolkit(7), that
describes a general description of the toolkit.
* All: Fixed bug in link-layer destination address selection
Tools now try to find a local router or perform Neighbor Discovery only
when necessary (i.e., underlying link-layer is *not* loopback or tunnel,
destination address is *not* link-local, and a link-layer destination
address has *not* been specified).
* All: Fixed bug in option handling
Incorrect data type was used for the return value of getopt_long(), thus
leading to problems in some architectures.
* All: Fixed a number of issues with pcap_next_ex()
The timeout parameter of pcap_next_ex() is now based on the platform (the
previous constant value had different semantics in different platforms).
Additionally, handle the case where pcap_next_ex() returns no packets.
* All: General improvements and clean-up
The development process now includes building the toolkit with the clang
compiler (in addition to gcc), which has lead to the identification of a
number of issues.
* All: Improved support for building the toolkit.
The toolkit now contains one makefile for pmake, and another for GNU make.
Added support for the DESTDIR variable. Appropriate paths are selected
based on the value of a number of variables. Configuration file is
dynamically generated, with the right path to the oui.txt file.
Pkgsrc changes:
* Get rid of ruby dependencies, since the validator is no longer
included in OpenDNSSEC
* Adapt PLIST to changes in installed files
* Add a patch so that the database migration scripts are installed
as part of the package
Upstream notable changes:
* SUPPORT-58: Extend ods-signer sign <zone> with -serial <nr> so
that the user can specify the SOA serial to use in the signed
zone [OPENDNSSEC-401].
* OPENDNSSEC-91: Make the keytype flag required when rolling keys
Bugfixes:
* SUPPORT-60: Fix datecounter in case inbound serial is higher
than outbound serial [OPENDNSSEC-420].
* OPENDNSSEC-247: Signer Engine: TTL on NSEC3 was not updated on
SOA Minimum change.
* OPENDNSSEC-421: Signer Engine: Fix assertion error in case
NSEC3 hash algorithm in signconf is not SHA1.
* OPENDNSSEC-421: ods-kaspcheck: Check whether NSEC3 hash algorithm
in kasp is valid.
* Bugfix: The time when inbound serial is acquired was reset
invalidly, could cause OpenDNSSEC wanting AXFR responses while
requesting IXFR (thanks Stuart Lau).
* Bugfix: Fix malform in Outbound IXFR/TCP subsequent packet
(thanks Stuart Lau).
* OPENDNSSEC-398: The ods-ksmutil key rollover command does not
work correctly when rolling all keys using the -policy option
This fixes a buffer overflow which was patched in pkgsrc (CVE-2013-4852),
two other buffer overflows (CVE-2013-4206, CVE-2013-4207), and
it clears private keys after use now (CVE-2013-4208).
Other than that, there are mostly bug fixes from 0.62 and a few
small features.
libcurvecpr is a library implementation of Dan Bernstein's CurveCP
libcurvecpr is a low-level, networking-independent implementation of
Daniel J. Bernstein's CurveCP.
libcurvecpr is based on a system of callbacks that must be implemented
by library users. Like the reference CurveCP implementation, the
client, server, and message-handling portions of libcurvecpr are
entirely independent of each other.
This means that while it's slightly more effort to build software
based on libcurvecpr than other packages, it provides complete freedom
to use any underlying mechanism for handling network traffic you want
- whether it's an IPC connection to another program, standard
poll(2)-type functionality, or libev.
-----------------
Duncan Ferguson <duncan_ferguson@user.sf.net> - v4.01_05
- New option (-m, --unique-servers) to remove repeated servers when openeing terminals (Thanks to Oliver Meissner)
- Drop MYMETA.yml and .json files from the distribution
- Do not set default user name to prevent overriding ssh configuration
2013-02-26 Duncan Ferguson <duncan_ferguson@user.sf.net> - v4.01_04
- Fixed 'ccon' not calling the correct command (Sf bug 3605002)
- Fixed clusters not being defined correctly within the .clusterssh/config file (Sf bug 3605675)
2013-02-15 Duncan Ferguson <duncan_ferguson@user.sf.net> - v4.01_03
* Correct documentation for references to $HOME/.clusterssh/config
* Re-add user back into the configurartion file
* Add in missing newline for some error messages
* Allow the path to rsh/ssh/telnet to be defined in the configuration file
* Move .csshrc to .csshrc.DISABLED since it should no longer be used
* Error emitted when adding a host via the "Hosts" drop-down (Debian bug ID #578208)
* Pastes uses a strange keyboard layout (Debian bug ID #364565)
* Cope with being invoked by 'clusterssh' (Debian bug ID #644368)
* Fix migration of .csshrc when not working as expected (Debian bug ID #673507)
* Remove doc references to 'always_tile' as renamed 'window_tiling' (Debian bug ID #697371)
* Updated manpage whatis entries (patch by Tony Mancill)
* Fix watch line expression to catch 4.x series tarballs (Debian patch LP ID #1076897)
* Allow tests to pass successfully when run as root
* Fix cssh starting if xterm is not installed (Sf bug 3494988)
* Set WM_CLASS on windows to 'cssh' (Sf bug 3187736)
2012-12-09 Duncan Ferguson <duncan_ferguson@user.sf.net> - v4.01_02
* Fix logic when using 'autoclose' on the command line or config file
* Fix $HOME/.clusterssh/clusters being read in
* Fix 'ctel', 'crsh' and 'ccon'so they work as expected
pkgsrc changes:
---------------
FETCH_USING= curl, as PyPi moved to https.
Upstream changes:
-----------------
v1.11.0 (26th Jul 2013)
-----------------------
* #98: On Windows, when interacting with the PuTTY PAgeant, Paramiko now
creates the shared memory map with explicit Security Attributes of the user,
which is the same technique employed by the canonical PuTTY library to avoid
permissions issues when Paramiko is running under a different UAC context
than the PuTTY Ageant process. Thanks to Jason R. Coombs for the patch.
* #100: Remove use of PyWin32 in `win_pageant` module. Module was already
dependent on ctypes for constructing appropriate structures and had ctypes
implementations of all functionality. Thanks to Jason R. Coombs for the
patch.
* #87: Ensure updates to `known_hosts` files account for any updates to said
files after Paramiko initially read them. (Includes related fix to guard
against duplicate entries during subsequent `known_hosts` loads.) Thanks to
`@sunweaver` for the contribution.
v1.10.2 (26th Jul 2013)
-----------------------
* #153, #67: Warn on parse failure when reading known_hosts file. Thanks to
`@glasserc` for patch.
* #146: Indentation fixes for readability. Thanks to Abhinav Upadhyay for catch
& patch.
Passlib is a password hashing library for Python 2 & 3, which
provides cross-platform implementations of over 30 password hashing
algorithms, as well as a framework for managing existing password
hashes. It's designed to be useful for a wide range of tasks, from
verifying a hash found in /etc/shadow, to providing full-strength
password hashing for multi-user application.
** libgnutls: Fixes in parsing of priority strings. Patch by Stefan Buehler.
** libgnutls: Solve issue with received TLS packets that exceed 2^14.
(this fixes a bug that was accidentally introduced in 3.2.2)
** libgnutls: Removed gnulib modules under LGPLv3 that could possibly be
used by the library.
** libgnutls: Fixes in gnutls_record_send_range().
** API and ABI modifications:
gnutls_priority_kx_list: Added
gnutls_priority_mac_list: Added
gnutls_priority_cipher_list: Added
PACK (Password Analysis and Cracking Toolkit) is a collection of
utilities developed to aid in analysis of password lists and
enhancing cracking of passwords using smart rule generation. It
can be used to reverse word mangling rules, generate source words
and optimize password masks for the Hashcat family of tools.
NOTE: The toolkit itself is not able to crack passwords, but instead
designed to make operation of password crackers more efficient.
Changelog:
Changes from 2.22 to 2.23:
New Features:
New password quality estimation algorithm.
Added toolbar buttons: 'Open URL(s)', 'Copy URL(s) to Clipboard' and 'Perform Auto-Type'.
Added 'Generate Password' command in the context menu of the KeePass system tray icon.
Added 'Copy history' option in the entry duplication dialog (enabled by default).
Added 'Duplicate Group' context menu command.
In the MRU list, currently opened files now have an '[Opened]' suffix and are blue.
When a dialog is displayed, (double) clicking the KeePass system tray icon now activates the dialog.
Added {T-REPLACE-RX:...} placeholder, which replaces text using a regular expression.
Added {VKEY-NX X} and {VKEY-EX X} special key codes.
Added 'Perform auto-type with selected entry' trigger action.
Added 'Import into active database' trigger action.
Mozilla Bookmarks HTML import: added support for groups, bookmark descriptions and icons.
Mozilla Bookmarks JSON import: bookmark descriptions are now imported into the note fields of entries.
RoboForm import: added support for the new file format.
Added support for importing Network Password Manager 4.0 CSV files.
Enhanced SafeWallet XML importer to additionally support importing web entries and groups from very old export file versions (for newer versions this was already supported).
Added database repair mode warning.
Added option to accept invalid SSL certificates (turned off by default).
Added user activity notification event for plugins.
File transactions for FTP URLs are now always disabled when running under .NET 4.0 in order to workaround .NET bug 621450.
Added workaround for Mono list view item selection bug.
Added workaround for Mono bug 649266; minimizing to tray now removes the task bar item and restoring does not result in a broken window anymore.
Added workaround for Mono bug 5795; text and selections in password boxes are now drawn properly (a monospace font can only be used on Windows due to the bug).
Added workaround for Mono bug 12525; dialog banners are now drawn correctly again.
Added workaround for Mono form loading bug.
KPScript: added 'Import' command.
KPScript: the 'ListEntries' command now also outputs date/time fields of entries.
Improvements / Changes:
When the option for remembering the last used database is enabled, KeePass now remembers the last active database (instead of the last opened or saved database).
The 'Add Group' command and the F2 key in the groups tree view now open the group editing dialog; in-place tree node label editing is disabled.
Custom string and plugin-provided columns in the 'Configure Columns' dialog are sorted alphabetically now.
Improved behavior when closing inactive databases.
Improved support for trigger actions during database closing.
The 'Special' GUI character set now includes '|' and '~'.
The 'High ANSI' character set now consists of the range [U+0080, U+00FF] except control and non-printable characters.
The options dialog is now listed in the task bar when it is opened while KeePass is minimized to the system tray.
A remembered user account usage state can now be preset even when the user account option is disabled using key prompt configuration flags.
Improved initial input focus in key creation/prompt dialogs when key creation/prompt configuration flags are specified.
During synchronization, the status dialog is now closed after all files have been saved.
Improved behavior of the global KeePass activation hot key when a dialog is displayed.
Changed auto-type command icon.
Shortened product name in main window title.
Improved data URI validation.
Custom clipboard data is now encoded as data URI (with a vendor-specific MIME type).
Improved configuration loading performance.
Enhanced IO connection problem diagnostics.
Improved single instance checking on Unix-like systems.
KeePassLibC DLLs and ShInstUtil are now explicitly marked as DEP- and ASLR-compatible (like the executable file).
Various UI improvements.
Various code optimizations.
Minor other improvements.
Bugfixes:
The suffixes to the 'Inherit setting from parent' options on the 'Behavior' tab of the group editing dialog now correctly show the inherited settings of the current group's parent.
When locked, the main window's title doesn't show the full path of the database anymore when the option 'Show full path in title bar (instead of file name only)' is turned off.
The status bar is now updated correctly after sorting by a column.
Changes from 2.21 to 2.22:
New Features:
When the option for remembering key sources is enabled, KeePass now also remembers whether the user account is required.
Added 'View' -> 'Grouping in Entry List' menu.
Added 'Close active database' trigger action.
Added '-ioiscomplete' command line option, which tells KeePass that the path and file system credentials are complete (the 'Open URL' dialog will not be displayed then).
Added support for importing SafeWallet XML files (3.0.4 and 3.0.5).
Added support for importing TurboPasswords 5.0.1 CSV files.
LastPass CSV importer: added support for group trees.
Alle meine Passworte XML importer: added support for custom fields and group names with special characters.
Password Safe XML importer: added support for the e-mail field.
Added 'Help' button in the generic CSV importer dialog.
Added workaround for .NET bug 642188; top visible list view items are now remembered in details view with groups enabled.
Added workaround for Mono form title bar text update bug (which e.g. caused bug 801414).
Improvements / Changes:
After closing a character picking dialog, KeePass now explicitly activates the previous window.
Improved behavior when cancelling the icon picker dialog.
Main window activation redirection now works with all KeePass dialogs automatically.
The window state of the current database is now remembered before opening another database.
Previous parameters are now discarded when switching between different trigger event/condition/action types.
Unified separators in group paths.
The UI state is now updated after adding an entry and clicking an entry reference link in the entry view.
The '-entry-url-open' command line option now searches for matching entries in all open databases.
Improved database context determination when opening an URL.
Added support for special values in date/time fields imported from KeePass 1.x.
Improved HTML entity decoding (support for more entities and CDATA sections, improved performance, ...).
RoboForm HTML importer: URLs are converted to lower-case now and support for a special order rotation of attributes has been added.
Removed Password Gorilla CSV importer; users should use the generic CSV importer (which can import more data than the old specialized CSV importer).
Improved file discoveries.
Improved test form entry auto-type window definition.
In the MSI package, the version is now included in the product name.
Native key transformation library: replaced Boost threads by Windows API threads (because Boost threads can result in crashes on restricted Windows 7 x64 systems).
Various UI improvements.
Various code optimizations.
Minor other improvements.
Bugfixes:
(None).
Upstream changes:
1.09 - Tue 23 Jul '13
made SvUPGRADE a statement
corrected VERSION statement
fixed _idea.c for Strawberry
(No upstream changelog for 1.10)
Noteworthy changes in version 1.5.3 (2013-07-25)
------------------------------------------------
* Mitigate the Yarom/Falkner flush+reload side-channel attack on
RSA secret keys. See <http://eprint.iacr.org/2013/448>.
Noteworthy changes in version 1.4.14 (2013-07-25)
-------------------------------------------------
* Mitigate the Yarom/Falkner flush+reload side-channel attack on
RSA secret keys. See <http://eprint.iacr.org/2013/448>.
* Fixed IDEA for big-endian CPUs
* Improved the diagnostics for failed keyserver lockups.
* Minor bug and portability fixes.
