Last updated over ten years ago, up-to-date security/ophcrack can do the
same and more, linux live CDs and what not offer better service than this
port.
OK benoit (maintainer)
Upstream is completely dead, we're the only ones packaging it, never
updated since import in 2001, unresponsive maintainer already removed,
got some clang fix in 2017, but that's it.
There plenty of password cracking tools available, most of which are
maintained.
OK sthen
HOMEPAGE is dead, last updated in 2014, only BSDs and Arch AUR package it.
Use socat(1) or ssh(1) or any other up-to-date tunneling solution.
OK benoit (maintainer)
CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
ok aja@
OTP part of the yubikey, there is now upstream support for FreeBSD's
uhid(4) (as well as more modern uhidraw) so it seems a bit closer to
what we need, but still doesn't work directly with our uhid(4).
v1.13.1:
[BUGFIX] Handle from prefix correctly on mv (#2110, #2079)
[BUGFIX] Handle unencoded secret on cat
v1.14.0:
[BUGFIX] Always re-encrypt when fsck is invoked with --decrypt. (#2119, #2015)
[BUGFIX] Body only entries are detected now by show -o (#2109)
[BUGFIX] Do not hide git error messages (#2118, #1959)
[BUGFIX] Fix completion when password name contains (#2150)
[BUGFIX] Fix template func arg order (#2117, #2116)
[BUGFIX] Fixes an issue where recipients remove may fail (#2147, #1964)
[BUGFIX] Handle from prefix correctly on mv (#2110, #2079)
[BUGFIX] Handle unencoded secret on cat (#2105)
[BUGFIX] Make man page consistent with other docs (#2133)
[BUGFIX] Reject invalid salt with MD5Crypt templates (#2128)
[BUGFIX] depend *.deb on gnupg instead of dummy (#2050)
[CLEANUP] Deprecate gopasspw/pinentry (#2095)
[CLEANUP] Use Go 1.18 (#2156)
[CLEANUP] Use debug.ReadBuildInfo (#2032)
[DOCUMENTATION] Fixed link to passwordstore.org (#2129)
[DOCUMENTATION] document 'gopass cat' (#2051)
[DOCUMENTATION] improve 'gopass cat' (#2070)
[DOCUMENTATION] improve 'gopass show -revision -' (#2070)
[ENHANCEMENT] Add --chars option to print subset of secrets (#2155, #2068)
[ENHANCEMENT] Add age subcommand (#2103, #2098)
[ENHANCEMENT] Add gopass audit --expiry (#2067)
[ENHANCEMENT] Add gopass process (#2066, #1913)
[ENHANCEMENT] Allow overriding GPG path (#2153)
[ENHANCEMENT] Automatically export creators key to the (#2159, #1919)
[ENHANCEMENT] Bump to Go 1.18 (#2058)
[ENHANCEMENT] Enforce TLSv1.3 (#2085)
[ENHANCEMENT] Generics (#2034, #2030)
[ENHANCEMENT] Hide password on MacOS clipboards (#2065)
[ENHANCEMENT] Passage compat improvements (#2060, #2060)
[ENHANCEMENT] gopass git invokes git directly (#2102)
[ENHANCEMENT] Template support for the create wizard (#2064)
[ENHANCEMENT] Check for MacOS Keychain storing the GPG (#2144)
[EXPERIMENTAL] Support the Fossil SCM (#2092, #2022)
[FEATURE] Add env variables for custom clipboard commands. (#2091, #2042)
[FEATURE] only accept keys with "encryption" key capability (#2047, #1917, #1917)
[TESTING] Improve two line test ambiguity. (#2091, #2042)
[TESTING] Use a helper to unset env vars in clipboard tests. (#2091, #2042)
[UX] OTP code now runs in loop until canceled or used with -o (#2041)
v1.14.2:
[BUGFIX] Do not print missing public key for age. (#2166)
[BUGFIX] Improve convert output (#2171)
[BUGFIX] fix errors in zsh completions (#2005)
[CLEANUP] Migrating to a maintained version of openpgp (#2193)
[ENHANCEMENT] Avoid decryption on move or copy (#2183, #2181)
[UX] Upgrade xkcdpwgen to a new version that removes German (#2187)
v1.14.3:
[BUGFIX] Fix gpg identity detection (#2218, #2179)
[BUGFIX] Handle different line breaks in recipient (#2221, #2220)
[BUGFIX] Stop eating secrets on move (#2211, #2210)
[ENHANCEMENT] Add flag to keep env variable capitalization (#2226, #2225)
[ENHANCEMENT] Environment variable GOPASS_PW_DEFAULT_LENGTH can be used to overwrite default
password length of 24 characters. (#2219)
v1.14.4:
[BREAKING] gopass otp will automatically update the counter key in HTOP secrets! (#2278)
[BUGFIX] Allow removing unknown recipients with --force (#2253)
[BUGFIX] Honor PASSWORD_STORE_DIR (#2272)
[BUGFIX] Honor OTP key period from URL (#2278)
[BUGFIX] Wizard: Enforce min and max length. (#2293)
[CLEANUP] Use Go 1.19 (#2296)
[ENHANCEMENT] Automatically sync once a week (#2191)
[ENHANCEMENT] Scan for vulnerabilities and add SBOM on (#2268)
[ENHANCEMENT] Use packages.gopass.pw for APT packages (#2261)
v1.14.5:
[BUGFIX] Fix fsck progress bar. Mostly. (#2303)
[DOCUMENTATION] fix in recommended vim setting (#2318)
v1.14.6:
[BUGFIX] Do not show setup message on version (#2327)
[BUGFIX] Remove exported public keys of removed (#2328, #2315)
[ENHANCEMENT] Document extension model. (#2329, #2290)
v1.14.7:
[BUGFIX] Do not ignore symlinks when listing (#2344, #2173)
[BUGFIX] Do not shadow entries behind folders. (#2341, #2338)
[BUGFIX] Fix updater on Windows. (#2345, #2011)
[BUGFIX] Handle Ctrl+C in TOTP (#2342, #2320)
[ENHANCEMENT] Set vim options instead of sniffing (#2343, #2317)
v1.14.8:
[BUGFIX] Ignore not-existing .ssh dir (#2347, #2333)
[BUGFIX] Use Wait() to avoid Zombies (#2354, #1666)
[ENHANCEMENT] Allow modifying default create templates (#2349, #2291)
[ENHANCEMENT] Improve passage support (#2352, #2059)
[ENHANCEMENT] Use OS keychain for age passphrase caching (new config option, off by default).
(#2351, #2350)
v1.14.9:
[ENHANCEMENT] Make DBus notifications transient (#2364, #2358)
v1.14.10:
[BUGFIX] Correctly handle key removal on Windows (#2372, #2371)
[DOCUMENTATION] (#1878)
[ENHANCEMENT] Ignore comments in recipient files. (#2394, #2393)
[ENHANCEMENT] Improve key expiration handling (#2383, #2369)
[ENHANCEMENT] allow re-encrypting entire directory when (#2373)
OK sthen, op
No upstream, just a mirror left, no update since import in 1998, noone
else packages it.
We have net/nbtscan as a more recent alternative that is packaged by all
the major OSes as well; it has a dead homepage and lacks behind in
updates, but still seems in better shape.
OK sthen
Upstream last released in 2014, we never updated since import in 2010.
Use a linux live CD if you want to crack your Windows <= 7 passwords.
OK sdk ian
No update since import in 2013, upstream github moved to gitlab were
the last commit is ten years old, we're the only ones packaging it,
plain doesn't work unless you manually install two missing RDEPs.
Use the actively maintained security/sslscan instead.
OK sdk
The Open Crypto Development Kit is stuck in 2007, no major linux distro
packages it, out port's homepage points at the gnutls homepage which does
not seem to have any reference to this code, no port uses this.
OK jca
This dependency is required as per their CMake code, but libdigidocpp and
qdigidoc4 keep working fine without it, so patch it.
Apache no longer maintains Xalan-C, it is dead and won't receive security
updates.
Prodded by Roger Leigh (upstream maintainer), thanks.
this had been held off because the OTP management functions changed to
a different HID backend in 4.x which doesn't work with OpenBSD, but
in the meantime the old ones got broken by a libffi update, so there's
no point keeping 3.x around for that any more.
ykman fido appears to be slightly less stall-y with this version,
though you still need to sometimes unplug/replug the key (similar has
been seen just using py-fido2 directly so it's probably in there somewhere,
and it's not new)
the various programs in examples/ mostly work as expected with my
yubikey, however under some error conditions I had to unplug/replug
the key before anything would see it
If we need to make an exception we can do it and properly document the
reason but by default we should just use the default login class.
rc.d uses daemon or the login class provided in login.conf.d so this has
no impact there.
discussed with sthen@, tb@ and robert@
praying that my grep/sed skills did not break anything and still
believing in portbump :-)
If we need to make an exception we can do it and properly document the
reason but by default we should just use the default login class.
rc.d uses daemon or the login class provided in login.conf.d so this has
no impact there.
discussed with sthen@, tb@ and robert@
praying that my grep/sed skills did not break anything and still
believing in portbump :-)
