pkgsrc/security/ipsec-tools, branch cube-native-xorg

pkgsrc/security/ipsec-tools, branch cube-native-xorg [no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=cube-native-xorg 2008-08-16T06:55:18Z Update to ipsec-tools 0.7.1, fixes CVE-2008-3652 2008-08-16T06:55:18Z manu manu@pkgsrc.org 2008-08-16T06:55:18Z urn:sha1:2181a05305c0232e5db67b6a2b53ad9fa9626c68 Changes since the 0.6 branch: 0.7.1 - 23 July 2008 o Fixes a memory leak when invalid proposal received o Some fixes in DPD o do not set default gss id if xauth is used o fixed hybrid enabled builds o fixed compilation on FreeBSD8 o cleanup in network port value manipulation o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_sp i() o Generates a log if cert validation has been disabled by configuration o better handling for pfkey socket read errors o Fixes in yacc / bison stuff o new plog() macro (reduced CPU usage when logging is disabled) o Try to works better with huge SPD/SAD o Corrected modecfg option syntax o Many other various fixes... 0.7 - 09 August 2007 o Xauth with pre-shared key PSK o Xauth with certificates o SHA2 support o pkcs7 support o system accounting (utmp) o Darwin support o configuration can be reloaded o Support for UNIQUE generated policies o Support for semi anonymous sainfos o Support for ph1id to remoteid matching o Plain RSA authentication o Native LDAP support for Xauth and modecfg o Group membership checks for Xauth and sainfo selection o Camellia cipher support o IKE Fragment force option o Modecfg SplitNet attribute support o Modecfg SplitDNS attribute support ( server side ) o Modecfg Default Domain attribute support o Modecfg DNS/WINS server multiple attribute support Per the process outlined in revbump(1), perform a recursive revbump 2008-01-18T05:06:18Z tnn tnn@pkgsrc.org 2008-01-18T05:06:18Z urn:sha1:ad6ceadd25e1d535423ffbc205cb3e45472c83ca on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@ Update to ipsec-tools 0.6.7. 2007-04-11T06:51:19Z ghen ghen@pkgsrc.org 2007-04-11T06:51:19Z urn:sha1:3612dc60148551c319fe193bbb07ef875c237ded o Fixed SHA256 detection on some systems o Fixed a DoS in Informationnal messages processing (CVE-2007-1841). Whitespace cleanup, courtesy of pkglint. 2007-02-22T19:26:05Z wiz wiz@pkgsrc.org 2007-02-22T19:26:05Z urn:sha1:601583c3207bd23bb05d0761888aefcb5699e1c2 Patch provided by Sergey Svishchev in private mail. Update ipsec-tools to 0.6.6. 2006-10-25T17:12:18Z bad bad@pkgsrc.org 2006-10-25T17:12:18Z urn:sha1:05972d3b7441d6761dcc5abb207076f55093bd38 Changes since 0.6.3: 0.6.6 * src/racoon/isakmp_xauth.c: Build fix * src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT encapsulation in pk_sendgetspi(). * src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT encapsulation in pk_sendupdate(). * src/racoon/isakmp_xauth.c: fix memory leak * src/racoon/{cfparse.y|handler.h}: typos 0.6.5 * src/racoon/isakmp.c: Fixed zombie PH1 handler when isakmp_send() fails in isakmp_ph1resend() * src/racoon/{cfparse.y|ipsec_doi.c}: Temporary fix for /32 subnets parsing. * src/racoon/isakmp_cfg.c: make software behave as the documentation advertise for INTERNAL_NETMASK4. Keep the old INTERNAL_MASK4 to avoid breaking backward compatibility. * src/racoon/session.c: Fixed / cleaned up signal handling. 0.6.4 * configure.ac src/racoon/plog.c: backported Fred's workaround for %zu problems on (at least) FreeBSD4. * src/racoon/session.c: backport: fix possible race conditions in signal handlers (see session.c 1.17). * src/libipsec/pfkey_dump.c: fixed compilation when NAT_T disabled (Fred has still some CVS problems). * src/libipsec/{libpfkey.h|pfkey_dump.c}: add a sadump_withports function to display SAD entries with their associated ports. * src/setkey/{parse.y|setkey.c|setkey.8}: allow to use setkey -p flag in conjunction with -D to show SADs with the port, allow both get and delete commands to use bracketed ports if needed. * src/racoon/racoon.conf.5: Style changes Ran "pkglint --autofix", which corrected some of the quoting issues in 2005-12-05T23:55:01Z rillig rillig@pkgsrc.org 2005-12-05T23:55:01Z urn:sha1:579e97796954edc2469fac176e855589e1dc2997 CONFIGURE_ARGS. Fixed pkglint warnings. The warnings are mostly quoting issues, for 2005-12-05T20:49:47Z rillig rillig@pkgsrc.org 2005-12-05T20:49:47Z urn:sha1:b71a1d488b6b45e0a968a4c149990c25b6a09215 example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some other changes are outlined in http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html Update "ipsec-tools" package to version 0.6.3. Changes since 0.6.1: 2005-11-22T16:22:47Z tron tron@pkgsrc.org 2005-11-22T16:22:47Z urn:sha1:e8de42870ed65060a238aa56ed064d6b6da0a188 - Various bug fixes - ISAKMP mode config works without Xauth This update fixes the security vulnerability reported in SA17668. Mark this package as only available on NetBSD 3.0 and newer and 2005-09-02T17:01:13Z tron tron@pkgsrc.org 2005-09-02T17:01:13Z urn:sha1:f6405297d79deba73c0c922b4228e81aac787074 Linux 2.6.x and newer. Update "ipsec-tools" package to version 0.6.1. Changes since 0.6.1rc1: 2005-08-21T21:58:41Z tron tron@pkgsrc.org 2005-08-21T21:58:41Z urn:sha1:fb58f4d84413071871a2ebb41f2339fb43802cf3 - src/racoon/dnssec.c: fix bogus test on function result - src/racoon/isakmp.c: Improved in/out SA addresses check in purge_remote() - src/libipsec/{key_debug.c|pfkey.c|pfkey_dump.c}: de-lint, warnings - src/racoon/privsep.c: Fixed a %d -> %zu in port_check()