pwdsphinx (2.0.0~rc2-1) unstable; urgency=low * New upstream, released 2025-01-17 [ changes by Stefan Marsiske ] [fix] otp:// converter and test case [fix] test/sphinx.cfg so it works with ltsigkey_path and test.py generated keys [fix] test.py so it works with b64 ltsigkeys [doc] documented webauthn_data_dir in man and sample cfg [doc] updated docs/example cfg with ltsigkey_path [mod] more robust and informative deletion of v1 records [enh] ltsigkey_path points at a file, while ltsigkey contains a b64 encoded pubkey in sphinx config section [doc] reviewed and updated whitepaper * d/control: make build-depends python3-pyoprf versioned: >= 0.6.0, cf upstream. Fixes FTBFS, thanks Santiago Vila. Closes: #1092041. BTW: on salsa.d.o: we pass all 11 pipeline jobs. however we fail 2 tests: see https://salsa.debian.org/debian/pwdsphinx/-/jobs/6943011/raw: python 3.12: Ran 14 tests in 0.174s FAILED (errors=2); 3.13: Ran 14 tests in 0.194s FAILED (errors=2) -- Joost van Baal-Ilić Sat, 18 Jan 2025 09:44:33 +0100 pwdsphinx (2.0.0~rc1-1) unstable; urgency=low * This release was never uploaded to the Debian archive. * New upstream, released 2025-01-13 [ changes by Stefan Marsiske ] [fix] v1users fails during ratelimit if record non-existant [doc] update to man and readme [mod] notify user of v1-v2 upgrade and delete of v1 rec, also export delete_upgraded in qr code [enh] delete empty userblobs automatically [fix] infoleak for existing records based on delete auth failures [enh] implement automatic deletion of upgraded v1 records [enh] added support to retrieve v1 user blobs transparently [fix] we need pyoprf v0.6.0 or better with this version [enh] more refinements to v1get backward compat, also works now with zphinx-zerver [mod] guard v1get test [fix] don't run init after main finishes in oracle [enh] added backward compatibility support for getting records made with v1 sphinx [enh] added test for getting non-existing record [fix] changed ruleblob means different version for blobs -- Joost van Baal-Ilić Wed, 15 Jan 2025 06:54:26 +0100 pwdsphinx (1.99.3-beta-1) unstable; urgency=low * This release was never uploaded to the Debian archive. * New upstream, released 2025-01-07. [ changes by Stefan Marsiske and Adam Tauber ] [mod] bumped to v1.99.3-beta [enh] changed rwd size from 32 to 64 bytes, allowing longer secrets to be stored with SPHINX [mod] disabled test_get_inv_mpwd test which can fail with a 1/32 chance [mod] documented argon2i hardening step in SPHINX protocol, and size of rwd changing from 32 to 64 bytes [fix] adds missing argon2i hashing of rwd which got lost when going from libsphinx to liboprf (thx stsch9 for noticing) [fix] should fix https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092041 and all other debian build related test failures [mod] adapt to the state-struct removal from pyoprf tpdkg [fix] remove debug messages [fix] parse opaque store config only if it is available [enh] finalize webauthn get [fix] add clientdata fields at the right place [enh] update attestation object generation [enh] enhance webauthn [enh] finalize webauthn create response [fix] use correct data formats [enh] add webauthn GET [fix] remove unnecessary user creation/deletion [enh] store webauthn.create sk under pk "username" [enh] create client data for webauthn.get [fix] remove dbg messages [enh] finalize messaging between webauthn methods & websphinx [fix] adjust message processing ++ error handling finetune [doc] added opaquestore integration section to manpage [doc] added opaque-store integration to readme [enh] added extensive end2end tests for opaque-store integration [mod] changed test key/cert to p256 from rsa [fix] import of ostore in sphinx.py [fix] test for singlemode cannot run corrupted dkg test [mod] added integration of opaque-store to sphinx client [mod] reenabled mocking of print in test.py [enh] added tests for predefined pwd and raw outputs [fix] raw converted was buggy, due to clearmem overwriting the result of the raw "conversion "... [enh] allow predefined outputs for raw:// users [mod] updated manpages and sphinx example cfg [mod] also output the ltsig pubkey as b64 string when running init [fix] also in sphinx-x11 handle inputs starting with - [mod] switched to select() in oracle before accepting, in hope it fixes the problem with debian autopkgtest in their build ci/cd step [fix] make ws-test and webauth-create work [fix] json needs doublequotes in ws-test [enh] ws-test takes now ready made json inputs [enh] implement messaging between content script & background.js * d/rules: enhance override_dh_auto_install: remove possibly leftover files from our tests. * d/rules: explicitly set SHELL: allow bashisms in commandlines. * d/control: remove libsphinx0 (>= 1.1.1) from pwdsphinx Depends: no longer needed. BTW: on salsa.d.o: we pass all 11 pipeline jobs. however we fail lots of tests: see https://salsa.debian.org/debian/pwdsphinx/-/jobs/6900750/raw: python 3.12: Ran 271 tests in 91.685s FAILED (errors=162); python 3.13: Ran 271 tests in 104.941s FAILED (errors=162). -- Joost van Baal-Ilić Sat, 11 Jan 2025 09:23:30 +0100 pwdsphinx (1.99.2-beta-6) unstable; urgency=low * This release was never uploaded to the Debian archive. * d/changelog: fix line length in entry 1.99.2-beta-4. Thanks lintian. * d/patches/series: disable 0006-disable-some-tests.patch. we now run all upstream supplied tests. * d/rules: make all errors in tests non-fatal. BTW: on salsa.d.o: we pass provisioning, we fail build, we pass test: pipelines/788365. We pass 2 builds; we fail the "build i386" with "Ran 193 tests FAILED (errors=121)" and "dh_missing: error: missing files, aborting". We pass 5 tests including the autopkgtest. -- Joost van Baal-Ilić Sun, 29 Dec 2024 11:03:34 +0100 pwdsphinx (1.99.2-beta-5) unstable; urgency=low * d/tests/control: Add flaky to Restrictions: we've seen some autopkgtest results changing from pass to fail without any relevant changes in our sources. -- Joost van Baal-Ilić Fri, 27 Dec 2024 11:18:15 +0100 pwdsphinx (1.99.2-beta-4) unstable; urgency=low * debian/tests/control: do not run autopkgtest on architectures armel armhf i386 ppc64el riscv64; currently this means: limit to amd64 arm64 s390x. After consulting with upstream, we for now no longer run tests which have been shown to fail on the ci.debian.net testbeds. Do note that upstream runs unittests, and github runs unittests on upstreams behalf: the wide coverage we currently have gives us enough confidence. * debian/patches/0006-disable-some-tests.patch: for now, also disable in tests/test.py: - test_main_create: tests.test.TestEndToEndNoUserlist.test_main_create fails during build's autopkgtest on salsa.d.o - test_rules_d: tests.test.TestEndToEndNoneEither.test_rules_d fails during build i386's autopkgtest on salsa.d.o BTW: on salsa.d.o: we pass provisioning, we fail build, we pass test: pipelines/786814. We pass 2 builds; we fail the "build i386" with "Ran 37 tests", "FAILED (errors=8)" (twice). We pass 5 tests including the autopkgtest. -- Joost van Baal-Ilić Thu, 26 Dec 2024 12:17:47 +0100 pwdsphinx (1.99.2-beta-3) unstable; urgency=low * debian/patches/0006-disable-some-tests.patch: for now, also disable in tests/test.py: - test_rules_ulsd: for some reason this test fails in autopkgtest on ci.debian.net. - test_create_user_xormask: for some reason this test fails on salsa.d.o. - test_rules_u: for some reason tests.test.TestEndToEndNoRWD_Keys.test_rules_u and tests.test.TestEndToEndNoneEither.test_rules_u fail in autopkgtest on salsa.d.o. - test_recreate_user and test_invalid_rules: for some reason tests.test.TestEndToEndNoUserlist.test_invalid_rules and tests.test.TestEndToEndNoUserlist.test_recreate_user sometimes fail during build on salsa.d.o. BTW: we now pass all 193 tests twice (on uploaders system). NB: tests need write access on /dev/shm/ . Thanks stef. On salsa.d.o, result w/ all tests enabled is: "Ran 193 tests in 67.009s FAILED (errors=121)". -- Joost van Baal-Ilić Sun, 15 Dec 2024 14:37:24 +0100 pwdsphinx (1.99.2-beta-2) unstable; urgency=low * debian/patches/0006-disable-some-tests.patch: also disable test_rules_l in tests/test.py . -- Joost van Baal-Ilić Wed, 04 Dec 2024 16:46:02 +0100 pwdsphinx (1.99.2-beta-1) unstable; urgency=low * New upstream, released 2024-11-14. [ changes by Stefan Marsiske and Adam Tauber ] [fix] make ws-test and webauth-create work [fix] json needs doublequotes in ws-test [enh] ws-test takes now ready made json inputs [enh] implement messaging between content script & background.js [enh] implement webauthn-create background.js call [enh] add webauthn-create command to websphinx [enh] finalize the communication between the page and content js [enh] add "echo" command for debugging [mod] refactor command handling [enh] update webauthn parameters [enh] forward credentials [enh] create credentials [enh] initialize page-contentjs-bgjs communication [fix] single mode works again [enh] added tests for single mode configs [fix] typo in oracle.py [enh] added some sanity checks, and oracle can now create a long-term signing keypair [mod] sphinx qr now handles also userlist, threshold and list of servers [mod] enforce all peers being active in some actions [doc] small fixes to whitepaper [doc] updated whitepaper [doc] s/libsphinx/liboprf/ in README [enh] improved error message for get, warning about possible phishing attempt [mod] update spdx header year [doc] fix typos in type-pwd.1 [doc] fix typos also in sphinx.1 [doc] fix typos in oracle.1 [fix] make path to oracle in endtoendtest absolute relative to sphinx module [fix] default config to toml * d/patches/0005-oracle-from-src.patch: removed: merged upstream. * d/patches: remove 0001-pwdsphinx-convertors-setup.patch 0002-pwdsphinx-convertors-manifest.patch 0003-sphinx.cfg-keyerror.patch 0004-sphinx.cfg: shipped with earlier upstream 1.99.1-beta-1 . * d/patches/series: NB: 0006-disable-some-tests.patch is still enabled. If disabled, result is: Ran 193 tests, FAILED (failures=4, errors=92). If enabled, result is (on uploaders system): Ran 85 tests, OK . * d/control: updated Standards-Version from 4.5.1 to 4.7.0 (no changes needed). -- Joost van Baal-Ilić Wed, 04 Dec 2024 15:14:18 +0100 pwdsphinx (1.99.1-beta-1) unstable; urgency=low * This release was never uploaded to Debian. * New upstream, released 2024-09-28. - [mod] small fixes and made betas 33 bytes more consistently - [mod] added data/masterkey for tests - [mod] moved test sphinx cfg data to test instead of pwdsphinx - [fix] don't reference BYZANTINE_DKG if corrupt_dkg_lib is none - [fix] missing converters from setup, and bump v to 1.99.1-beta - [fix] also added converters to manifest.in * d/patches/series: disable patches now shipped w/ upstream; enable new 0005-oracle-from-src.patch. * d/rules: enable PYBUILD_{BEFORE,AFTER}_TEST, thanks Stefan Marsiske. * d/tests/: rebuild "control", remove script "sphinx". * d/patches/0006-disable-some-tests.patch: for now we disable all failing tests in upstream tests/test.py (we do run all tests in test_conv.py test_pass2bin.py and test_rules.py). We now run 73 tests. The complete upstream suite encompasses 163 tests; which now would give (failures=3, errors=75). * d/control: add python3-qrcodegen python3-securestring python3-pyequihash to Build-Depends: needed during build time tests. -- Joost van Baal-Ilić Fri, 18 Oct 2024 09:46:28 +0200 pwdsphinx (1.99.0-beta-1) unstable; urgency=low * New upstream, released 2024-08-15. - [enh] added topk to contrib/sphage to derive a pk from an age sk - [enh] new feature disable maintenance of userlists - [fix] bin2pass to set syms to none if "" is given - [doc] removed .sh postfixes in contrib README - [doc] cleaned up README.md * deal with new pwdsphinx/converters: - d/patches: add 0001-pwdsphinx-convertors-setup.patch, 0002-pwdsphinx-convertors-manifest.patch and series in order to get build time tests pass. - d/pwdsphinx.install: install pwdsphinx/converters. - d/not-installed: do not install pwdsphinx/converters/__pycache__/. * dealing with build time tests: - d/control: add Build-Depends python3-pyoprf, needed for "pybuild --test". - d/rules: PYBUILD_{BEFORE,AFTER}_TEST would be one way to do it. - d/patches/0004-sphinx.cfg: another attempt to make build time tests succeed. - d/pybuild.testfiles,disabled: some leftover from an attempt to have tests passed. - d/rules: finally: override_dh_auto_test: for now, skip all tests (at least 2 out of 14 fail). -- Joost van Baal-Ilić Sat, 28 Sep 2024 10:01:05 +0200 pwdsphinx (1.0.19-1) unstable; urgency=low * New upstream, released 2024-05-16. - made zxcvbn dependency optional; since src:python-zxcvbn suffers from #1068975: "Abandoned upstream and unmaintained". Thanks Andrey Rakhmatullin. * d/control: change Depends from libsphinx-dev to libsphinx0, since upstream no longer needs the -dev symlink. -- Joost van Baal-Ilić Sat, 29 Jun 2024 14:42:45 +0200 pwdsphinx (1.0.18-3) unstable; urgency=low * d/control: make dependency on libsphinx-dev versioned (>= 1.1.1): libsphinx api changed. (We use this library by calling Python's ctypes.cdll.LoadLibrary in sphinxlib.py.) -- Joost van Baal-Ilić Sun, 06 Aug 2023 07:08:13 +0200 pwdsphinx (1.0.18-2) unstable; urgency=low [ Stefan Marsiske, 2023-08-04 ] * d/rules fixed, so that dpkg-buildpackage -A succeeds, and hopefully also test-build-all and packaging as well. Thanks David Bremner and Christoph Berg. -- Joost van Baal-Ilić Sat, 05 Aug 2023 05:29:57 +0200 pwdsphinx (1.0.18-1) unstable; urgency=low * New upstream, released 2023-07-31. Missed: 1.0.17, released 2023-07-31. [ Stefan Marsiske ] * d/pwdsphinx-tools.{install,manpages}: install new executable sx11-getacc-user-pass and manpage. -- Joost van Baal-Ilić Wed, 02 Aug 2023 06:33:45 +0200 pwdsphinx (1.0.16-1) unstable; urgency=low * New upstream; released Jul 27, 2023. -- Joost van Baal-Ilić Thu, 27 Jul 2023 14:34:34 +0200 pwdsphinx (1.0.15-1) unstable; urgency=low * New upstream; released Jul 25, 2023. Missed: 1.0.9, 1.0.10, 1.0.11 (Nov 3, 2022), 1.0.12 (Feb 9, 2023), 1.0.13 (Feb 12, 2023), 1.0.14 (Jun 28, 2023). [ Joost van Baal-Ilić, 2023-07-27 ] * d/control: add Vcs-* headers. [ Stefan Marsiske, 2023-07-25 ] * added missing man-pages * merged debian/sphinx.1 with sphinx.md * GettingStarted.md gets installed * renamed .sphinx scripts to /usr/bin/sx11-* [ Stefan Marsiske, 2023-07-22 ] * contrib/Makefile: removed a trailing space - also trying to trigger salsa ci/cd [ Stefan Marsiske, 2023-06-27..28 ] * debian/pwdsphinx-tools.install, debian/pwdsphinx-tools.manpages, debian/pwdsphinx.install, debian/pwdsphinx.manpages, debian/tests/control, debian/tests/sphinx: fixing lintian issues * debian/control: removed an automatic dependency from control which added a non-existing dependency * debian/changelog, debian/control, debian/not-installed, debian/pwdsphinx-tools.docs, debian/pwdsphinx-tools.examples, debian/pwdsphinx.install: updated debian packaging, so that it succeeds, and lintian doesn't complain much [ Joost van Baal-Ilić, 2023-02-12 ] * d/watch: actually put some content in. -- Joost van Baal-Ilić Thu, 27 Jul 2023 14:34:34 +0200 pwdsphinx (1.0.8-1) experimental; urgency=low * Initial upload to Debian. Closes: #1023113 * New upstream. - fix in contrib/Makefile: .sh filename extension gone * d/control: the way pwdsphinx/sphinxlib.py finds libsphinx depends on the symlink installed by libsphinx-dev: we depend upon libsphinx-dev * d/sphinx.1: add manpage. * d/control: replace ${python3:Depends} by hardcoded list python3:any, python3-pysodium, python3-qrcodegen, python3-zxcvbn, python3-securestring, python3-pyequihash; for some reason ${python3:Depends}'s expansion included obsolete python3-equihash. -- Joost van Baal-Ilić Wed, 01 Feb 2023 16:10:11 +0100 pwdsphinx (1.0.7-1) unstable; urgency=low * This release was never uploaded to the Debian archive. * New upstream. - d/pwdsphinx-tools.examples: .sh filename extension gone, adjust * d/pwdsphinx.examples: added: install upstream sphinx.cfg_sample -- Joost van Baal-Ilić Tue, 01 Nov 2022 10:05:27 +0100 pwdsphinx (1.0.6-2) unstable; urgency=low * This release was never uploaded to the Debian archive. * d/control: build-depends: s/python-setuptools/python3-setuptools/. * d/control: change Maintainer from Stefan Marsiske to myself, add Uploaders: jdx5yg90@ctrlc.hu, as agreed upon with upstream. * d/control: pwdsphinx: add missing Depends python3-zxcvbn and python3-securestring, as used by usr/bin/websphinx. * d/control: add pinentry-curses to virtual pwdsphinx-tools depends pinentry, add Suggests: pinentry-gnome3 | pinentry-x11 to pwdsphinx. * d/control: update Depends to libsphinx0 and python3-equihash. * d/control: add Depends: pwdspinx to pwdsphinx-tools. * d/contol: enhance description. * d/pwdsphinx.docs: install upstream README.md and whitepaper.org. * d/pwdsphinx-tools.docs, d/pwdsphinx-tools.install: install upstream contrib/README.md. * d/pwdsphinx-tools.install, d/pwdsphinx-tools.examples: move scripts to examples/: no manpages yet, use .sh filename extension. * d/not-installed: added: we overrule upstream contrib/Makefile. * d/README.Debian: remove: is copy of information in package description. * d/copyright: simplify. * d/copyright: add full text of CC-BY-SA-4.0. (See #795402 for why this is needed.) -- Joost van Baal-Ilić Sat, 22 Oct 2022 08:10:59 +0000 pwdsphinx (1.0.6-1) unstable; urgency=low * Initial release. -- Stefan Marsiske Thu, 09 Jun 2022 00:35:39 +0200