[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc-2012Q2 2012-06-30T20:20:44Z 2012-06-30T20:20:44Z dholland dholland@pkgsrc.org 2012-06-30T20:20:44Z urn:sha1:54ef30d063e8041cf6740acb91f5c12d43ddd0cd 2012-06-29T14:49:38Z taca taca@pkgsrc.org 2012-06-29T14:49:38Z urn:sha1:b97f01f64bdf9b76cc3a13d16b6ba33feaf4fe94 === F-PROT Antivirus for Unix, version 6.2.1 Compatibility for older Linux distros improved (glibc 2.3 for 32 bit version and glibc 2.4 for 64 bit version) Compatibility for older Solaris/SunOS version improved (both 32 and 64 bit versions are compatible with solaris 8 now) 64 bit FreeBSD now supported === F-PROT Antivirus for Unix, version 6.2.0 Scan engine upgraded from 4.6.2 to 4.6.5 with improved detection rates and fewer false positives. Multiple issues with the mail scanners have been fixed. === F-PROT Antivirus for Unix, version 6.1.1 fpupdate fix to prevent crash on certain 64 bit Linux systems. 2012-06-24T07:20:23Z jperkin jperkin@pkgsrc.org 2012-06-24T07:20:23Z urn:sha1:a31ffeddd66a047fa6f9ceedecdad7377211ec46 2012-06-23T23:07:20Z dholland dholland@pkgsrc.org 2012-06-23T23:07:20Z urn:sha1:69dab7c470dcec043c1a6b04094a82b3f0408ba0 2012-06-21T12:46:12Z pettai pettai@pkgsrc.org 2012-06-21T12:46:12Z urn:sha1:2393a8f9dbd3ac876c041672b005130c937fdd7b * OPENDNSSEC-277: Enforcer: Performance optimisation of database access. Bugfixes: * SUPPORT-27: ods-ksmutil: simplify zone delete so that it only marks keys as dead (rather than actually removing them). Leave the key removal to purge jobs. (Ok'ed by wiz@) 2012-06-16T23:45:39Z dholland dholland@pkgsrc.org 2012-06-16T23:45:39Z urn:sha1:497f3196eaf820370b81e7ee478d43c8e968dc1a 2012-06-16T23:21:14Z dholland dholland@pkgsrc.org 2012-06-16T23:21:14Z urn:sha1:e8f3fdc89021c717255049b827c382b678556b33 2012-06-16T22:55:25Z pettai pettai@pkgsrc.org 2012-06-16T22:55:25Z urn:sha1:c0a767c33e6e01771176d6f75cdba667149498f0 * misc Release numbering changed to three level "major.minor.revison" scheme * bug REMOVE_HOLD_TIME was set to 10 days only (Thanks to Chris Thompson) * doc Improved README file (Thanks to Jan-Piet Mens) * misc Fix of some typos in log messages * bug Fixed error in rollover.c (return code of genfirstkey() wasn't checked) * misc Default of KeySetDir changed from NULL to ".." (best for hierarchical mode) Default Sig Lifetime changed from 10 days to 3 weeks (21 days) Default ZSK lifetime changed from 3 months to 4 times the sig lifetime Default KSK lifetime changed from 1 year to 2 years Parameter checks in checkconfig() adapted. KSK random device changed back from /dev/urandom to BIND default (Be aware of some possibly long delay in key generation) * func New configure option to set the bind utility path manually (--enable-bindutil_path) BIND_UTIL_PATH in config_zkt.h will no longer used * bug If nsec3 is turned on and KeyAlgo (or AddKeyAlgo) is RSHASHA1 or DSA, genkey() uses algorithm type NSECRSASHA1 or NSEC3DSA instead. * bug Error in printconfigdiff() fixed. (Thanks to Holger Wirtz) * func Description added to (some of the) dnssec.conf parameters * func Adding a patch from Hrant Dadivanyan to always pre-publish ZSKs * misc Config file syntax changed to parameter names without underscores. zkt-conf uses ZKT_VERSION string as config version * bug "make install-man" now installs all man page * bug Bug fixed in zfparse.c. zkt-conf was unable to detect an already included dnskey.db file if another file was included. * misc destination dnssec-zkt removed from Makefile.in * func dki_prt_managedkeys() added to dki.c zkt_list_managedkeys() added to zkt.c zkt-ls has new option -M to print out a list of managed-keys * bug Bug fixed in the config parser (zconf.c). Couldn't parse agorithm RSASHA512 correctly (Thanks to Michael Sinatra) 2012-06-16T22:34:23Z dholland dholland@pkgsrc.org 2012-06-16T22:34:23Z urn:sha1:5e4ffdca7aa9f28581b25bdbaa754aa2d7314872 2012-06-16T22:15:23Z pettai pettai@pkgsrc.org 2012-06-16T22:15:23Z urn:sha1:b1d9ddffcf1c77677fbd5549367d10cea8f9f423 * Add an anon_fast option that attempts anonymous authentication (generally implemented via anonymous PKINIT inside the Kerberos library) and then, if successful, uses those credentials for FAST armor. If fast_ccache and anon_fast are both specified, anonymous authentication will be used as a fallback if the specified FAST ticket cache doesn't exist. Based on patches from Yair Yarom. * Add a user_realm option to only set the realm for unqualified user principals. This differs from the existing realm option in that realm also changes the default realm for authorization decisions and for verification of credentials. Update the realm option documentation to clarify the differences and remove incorrect information. Patch from Roland C. Dowdeswell. * Add a no_prompt option to suppress the PAM module's prompt for the user's password and defer all prompting to the Kerberos library. This allows the Kerberos library to have complete control of the prompting process, which may be desireable if authentication mechanisms other than password are in use. Be aware that, with this option set, the PAM module has no control over the contents of the prompt and cannot store the user's password in the PAM data. Based on a patch by Yair Yarom. * Add a silent option to force the module to behave as if the application had passed in PAM_SILENT and suppress text messages and errors from the Kerberos library. Patch from Yair Yarom. * Add preliminary support for Kerberos trace logging via a trace option that enables trace logging if supported by the underlying Kerberos library. The option takes as an argument the file name to which to log trace output. This option does not yet work with any released version of Kerberos, but may work with the next release of MIT Kerberos. * MIT Kerberos does not add a colon and space to its password prompts, but Heimdal does. pam-krb5 previously unconditionally added a colon and space, resulting in doubled colons with Heimdal. Work around this inconsistency by not adding the colon and space if already present. * Fix alt_auth_map support to preserve the realm of the authentication identity when forming the alternate authentication principal, matching the documentation. * Document that the alt_auth_map format may contain a realm to force all mapped principals to be in that realm. In that case, don't add the realm of the authentication identity. Note that this can be used as a simple way to attempt authentication in an alternate realm first and then fall back to the local realm, although any complex attempt at authentication in multiple realms should instead run the module multiple times with different realm settings. * Avoid a NULL pointer dereference if krb5_init_context fails. * Fix initialization of time values in the module configuration on platforms (like S/390X) where krb5_deltat is not equivalent to long. * Close a memory leak when search_k5login is set but the user has no .k5login file. * Close several memory leaks in alt_auth_map support. * Suppress bogus error messages about unknown option for the realm option. The option was being parsed and honored despite the error. * Retry authentication under try_first_pass on several other errors in addition to decrypt integrity check errors to handle a wider array of possible "password incorrect" error messages from the KDC. * Update to rra-c-util 4.4: * Update to C TAP Harness 1.12: