-
zescrow (1.7-0ubuntu1) quantal; urgency=low
[ Alessandro Menti ]
* Added missing AGPL 3 license text to debian/copyright. (LP: #974533)
* Bumped Standards-Version in debian/control.
* Added missing symlink from /usr/share/man/man1/zescrow.1.gz to zEscrow.1.gz
in the same directory.
* debian/patches/fix_desktop_file_typo.patch:
- Fixed typo in category name in the zEscrow.desktop file.
[ Andrew Starr-Bochicchio ]
* debian/copyright: Point to copy of GPL-3 in common licenses.
-- Dustin Kirkland <email address hidden> Fri, 10 Aug 2012 11:19:50 -0500
-
zescrow (1.6-0ubuntu2) quantal; urgency=low
[ Alessandro Menti ]
* Added missing AGPL 3 license text to debian/copyright. (LP: #974533)
* Bumped Standards-Version in debian/control.
* Added missing symlink from /usr/share/man/man1/zescrow.1.gz to zEscrow.1.gz
in the same directory.
* debian/patches/fix_desktop_file_typo.patch:
- Fixed typo in category name in the zEscrow.desktop file.
[ Andrew Starr-Bochicchio ]
* debian/copyright: Point to copy of GPL-3 in common licenses.
-- Alessandro Menti <email address hidden> Mon, 13 Aug 2012 20:00:38 -0400
-
zescrow (1.6-0ubuntu1) quantal; urgency=low
[ Wesley Wiedenmeier ]
* usr/bin/zEscrow-gui, usr/share/zEscrow/help.png:
- drastically simplify the escrow process
- prompt up front for both pieces of information,
a) the server, b) the wrapping passphrase
- add help bubbles with the extra text
-- Dustin Kirkland <email address hidden> Fri, 03 Aug 2012 15:45:55 -0500
-
zescrow (1.5-0ubuntu1) quantal; urgency=low
* www/include/below.html:
- move banner up, link to gazzang.com ztrustee, fix width
* usr/bin/zEscrow-gui, usr/share/zEscrow/gazzang_logo.png,
usr/share/zEscrow/key_64.png:
- add some Gazzang branding in the gtk interface
-- Dustin Kirkland <email address hidden> Wed, 18 Jul 2012 18:27:33 -0500
-
zescrow (1.4-0ubuntu1) quantal; urgency=low
[ Dustin Kirkland ]
* INSTALL:
- limit uploads to 5K
- limit to one file uploaded at a time
- disable url open and includes
* www/robots.txt:
- disable all scanning
* usr/bin/zEscrow:
- support taking a zEscrow server name as arg1
- support taking a wrapping passphrase on stdin
- auto-retry uploads to the server up to 30 times
- when non-interactive, print "URL: %s" as last line
for machine consumption
* debian/control, usr/bin/zEscrow, usr/bin/zEscrow-graphical:
- added python deps, updated PKG, copyright
* www/include/below.html, www/include/zEscrow_Banner.jpg:
- add some overt Gazzang advertising
* usr/bin/zEscrow, usr/bin/zEscrow-cli, usr/bin/zEscrow-graphical =>
usr/bin/zEscrow-gui:
- add a wrapper for the -cli and -gui
* debian/links:
- add a symlink for zescrow
[ Wesley Wiedenmeier ]
* === added directory usr/share/zEscrow, usr/bin/zEscrow,
usr/bin/zEscrow-graphical, usr/share/zEscrow/password-text,
usr/share/zEscrow/welcome-text:
- add a GTK graphical front end
- move the common prompting text to flat text files usable
by both the cli and gui
- rework the panel handling
-- Dustin Kirkland <email address hidden> Sat, 07 Apr 2012 12:12:22 -0500
-
zescrow (1.3-0ubuntu1) precise; urgency=low
* debian/copyright, upload/go/index.html, upload/index.html,
usr/bin/zEscrow, www/deposit/go/index.html, www/deposit/index.html,
www/include/above.html, www/include/below.html,
www/include/credentials.html.CHANGE_ME, www/include/escrow.css,
www/include/functions.html, www/index.html, www/not-
found/index.html, www/openid/index.html, www/openid/return.html,
www/privacy.html, www/retrieve/go/index.html,
www/retrieve/index.html, www/terms.html:
- Copyright updated to include Gazzang, Inc.
* usr/bin/zEscrow:
- Multiple security fixes, according to line-by-line code audit by
Kees Cook <email address hidden>
- use 'set -e' rather than sh -e, to ensure errors are caught if an
interpreter other than sh is used
- store the stty earlier and restore on trapped exits
- generate the tempfile with the required extensions
- drop redundant chmodding
- note specifically that the user's passphrase is NOT sent to the server
- remove one of the client/server roundtrips, fetching the key
fingerprint
- instead, use gpg's --status-fd to parse machine readable output and
retrieve the fingerprint from there
- catch curl errors
- catch gpg import errors
- validate the fingerprint
- drop use of wildcard in copying to tempdir
- make the $url more readable
- handle the browser launching prompt correctly
-- Dustin Kirkland <email address hidden> Wed, 04 Apr 2012 12:02:31 -0500
