summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2017-02-03Updated sysutils/e2fsprogs to 1.43.4mef6-22/+26
------------------------------------- (from RELEASE-NOTE, some 170 lines, sorry) ----------------------------------------- E2fsprogs 1.43.4 (January 31, 2017) =================================== Fix e2fsck to require that the system.data extended attribute is always present even for files smaller than 60 bytes, to be consistent with the kernel. Fix a bug which was causing mke2fs -d and fuse2fs to improperly handle Posix ACL's. Fix a bug which could cause mke2fs -d to fail if there is an zero-length file in source directory tree. Clarify the default for the "proceed?" question printed by mke2fs and tune2fs. (Addresses Debian Bug: #852727) Debugfs will now display project quota information. Debugfs's do_set_xattr now uses C strings to parse extended attribute values, and will print the extended attributes using either C strings or hex bytes when using debugfs's do_get_xattr command. It will now allow developers to see the contents of the system.data extended attribute. Fix a bug in mke2fs where I/O errors weren't getting properly reported to the user. Fix multiblock writes in the unaligned Direct I/O fallback code. (Which is rarely needed on Linux systems, but which is required on Freebsd systems.) Make sure the default mke2fs.conf file includes the uninit_bg feature flag. (Which was accidentally dropped in v1.43). Fix a bug in resize2fs when operating on very large file systems which have a block size different from the VM page size. If the reported device size is absurdly large, mke2fs will now report an error instead looping forever or crashing. Fix various Coverity warnings and other memory leaks in fuse2fs and extended attribute manipulation functions. Replace a test file but which had a "non-commercial use-only" copyright permission file with a newer version from the Cyrus imapd package which now has a 4-clause BSD license, which was making some lawyers nervous, even though the test file in question was only used in lib/et's regression testing and was never included in any compiled binary. (Addresses Debian Bug: #840733) Stop installing mkfs.ext4dev and fsck.ext4dev Update Chinese, Czech, Polish, Serbian, and Spanish translations and add the Finnish and Malay translation. (Addresses-Debian-Bug: #774379) Update various man pages (Addresses-Debian-Bug: #852726) Programming notes ----------------- Fix more FreeBSD-11 compatibility bugs, including some unmasked by FreeBSD 11-rc2. Fix the Mac build. Fix build failure on RHEL 5.x systems caused by an old version of libmagic. Fix a number of bugs reported by ASAN that can cause some (mostly harmless) memory dereferences beyond allocated memory. E2fsprogs 1.43.3 (September 4, 2016) ==================================== Fix e2fsck's handling of timestamps on 32-bit systems. E2fsck will now check, and if necessary repair the extra isize fields in the inode and superblock. Fix crashes on architectures such as sparc64 that are sensitive to unaligned pointer derferences in the journal recovery code when journal checksums are enabled. Programming notes ----------------- Support reproducible builds by not capturing the build directory into the mk_cmds and compile_et scripts. Also fix debian build rules to ensure build reproducibility. Fix debian build rules to ensure build reproducibility and to avoid hiding the linker flags for e2fsck.static so the build hardening log scanner can properly audit the build. Fix compatibility with FreeBSD's pmake and teach the configure script to force the creation of pmake-compatible Makefiles if the FORCE_NATIVE_MAKE environment variable is set to a non-empty value. E2fsprogs 1.43.2 (September 1, 2016) ==================================== Fix resize2fs so it will not crash if there is an extended attribute block but it doesn't need to migate any blocks during an off-line resize Fix a crash when mke2fs or debugfs tries to copy in a directory hierarchy containing an empty directory Mke2fs will now use a larger journal by default for filesystems greater than 128 GB. (1GB instead of 128 MB.) Fix an alignment bug in e2fsck which caused sparc64 architectures to crash when replaying the journal on file systems with a 64-bit block number. Clarify the message printed by tune2fs message when the user needs to run e2fsck so it's clear that the -f flag to e2fsck is needed to force a full e2fsck scan. (Addresses Debian Bug: #828022) Fix a bug in e2fsck caused by a power failure during e2fsck's journal replay could leave the file system in a state where if the file system is mounted without doing a full e2fsck scan, the file system could get corrupted Fix the logic in e2fsck which decides when to repair legacy negative timestamp encodings. Add a command to debugfs to copy the inode structure from one inode to another. Fix a typo in debugfs's stat command when printing out the dtime field on file systems with an extended timestamp. Fix big endian bugs in the e2undo program. (Addresses Red Hat Bug #1344636) Debugfs's logdump can now properly handle journals larger than 2GB. Avoid installing the man page for fuse2fs if it has not been built. Update the Catalan, Chinese, Danish, Dutch, French, German, Polish, Swedish, Ukrainian translations and added new translations for Hugarian and Serbian. Programming notes ----------------- Fix portability problems in fuse2fs. Previously it wouldn't build on systems with older glibc versions where clock_gettime() is only available in the librt library, and if libintl is not bundled into the C library. Remove complicated logic which caused a static code analyzer to flag a false positive. (A static code analyzer also found a valid bug in deciding when to repair a legacy negative timestamp encoding, so eliminating false positives is important.) Fixed a bug where the ext2fs library cloud provoke when a extfs2_zero_blocks() is used (via fallocation, initializing a file system, uninitialized uninitialized inode table blocks) after a different file system which also used ext2fs_zero_blocks(). Enable the unix_io manager in the ext2fs library so it can accept the use of a file descriptor. This is helpful in cases where the file descriptor comes from temporary file created using O_TMPFILE, or passed in from a unix domain socket. Fix a Windows64 portability bug.
2017-02-03Updated sysutils/salt to 2016.11.2sborrill1-1/+2
2017-02-03Update sysutils/salt to 2016.11.2. As usual, the changelogs are far too longsborrill6-146/+369
to be useful, but are available here: https://docs.saltstack.com/en/latest/topics/releases/2016.11.0.html https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html Thanks to Morgan @ Precedence Technologies.
2017-02-03vowpal_wabbit: add zlib to dependenciescheusov1-2/+3
2017-02-03Updated www/py-pelican to 3.7.1nb1nils1-1/+2
2017-02-03Updated www/pelican to 3.7.1nb1.nils1-6/+7
Pkgsrc changes : - dependency to www/py-feedgenerator updated to 1.9 (otherwise, pelican does not work) ; - tabs alignement to make pkglint happy.
2017-02-03Updated security/mozilla-rootcerts to 1.0.20170121maya1-1/+2
2017-02-03mozilla-rootcerts: update to 052b90b5414f (commit at 2017-01-21)maya4-43/+39
mozilla-rootcerts-openssl: catch up closest thing to a changelog: diff -u certdata-20160610.txt certdata-20170121.txt | grep '# ' -# Certificate "Equifax Secure CA" -# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US -# Serial Number: 903804111 (0x35def4cf) -# Subject: OU=Equifax Secure Certificate Authority,O=Equifax,C=US -# Not Valid Before: Sat Aug 22 16:41:51 1998 -# Not Valid After : Wed Aug 22 16:41:51 2018 -# Fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4 -# Fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A -# Trust for Certificate "Equifax Secure CA" -# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US -# Serial Number: 903804111 (0x35def4cf) -# Subject: OU=Equifax Secure Certificate Authority,O=Equifax,C=US -# Not Valid Before: Sat Aug 22 16:41:51 1998 -# Not Valid After : Wed Aug 22 16:41:51 2018 -# Fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4 -# Fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A # Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements." # Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US # Serial Number: 1407252 (0x157914) -# Certificate "Verisign Class 3 Public Primary Certification Authority" -# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Serial Number:70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf -# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Jan 29 00:00:00 1996 -# Not Valid After : Tue Aug 01 23:59:59 2028 -# Fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67 -# Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2 -# Trust for Certificate "Verisign Class 3 Public Primary Certification Authority" -# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Serial Number:70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf -# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Jan 29 00:00:00 1996 -# Not Valid After : Tue Aug 01 23:59:59 2028 -# Fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67 -# Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2 -# Certificate "Verisign Class 2 Public Primary Certification Authority - G2" -# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Serial Number:00:b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af -# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon May 18 00:00:00 1998 -# Not Valid After : Tue Aug 01 23:59:59 2028 -# Fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1 -# Fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D -# Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G2" -# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Serial Number:00:b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af -# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon May 18 00:00:00 1998 -# Not Valid After : Tue Aug 01 23:59:59 2028 -# Fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1 -# Fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D # Certificate "GlobalSign Root CA" # Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE -# Certificate "Equifax Secure Global eBusiness CA" +# Certificate "AddTrust Low-Value Services Root" -# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US +# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE # Serial Number: 1 (0x1) -# Subject: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US -# Not Valid Before: Mon Jun 21 04:00:00 1999 -# Not Valid After : Sun Jun 21 04:00:00 2020 -# Fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC -# Fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45 +# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE +# Not Valid Before: Tue May 30 10:38:31 2000 +# Not Valid After : Sat May 30 10:38:31 2020 +# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC +# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D -# Trust for Certificate "Equifax Secure Global eBusiness CA" -# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US -# Serial Number: 1 (0x1) -# Subject: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US -# Not Valid Before: Mon Jun 21 04:00:00 1999 -# Not Valid After : Sun Jun 21 04:00:00 2020 -# Fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC -# Fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45 -# Certificate "Equifax Secure eBusiness CA 1" -# Issuer: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US -# Serial Number: 4 (0x4) -# Subject: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US -# Not Valid Before: Mon Jun 21 04:00:00 1999 -# Not Valid After : Sun Jun 21 04:00:00 2020 -# Fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D -# Fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41 -# Trust for Certificate "Equifax Secure eBusiness CA 1" -# Issuer: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US -# Serial Number: 4 (0x4) -# Subject: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US -# Not Valid Before: Mon Jun 21 04:00:00 1999 -# Not Valid After : Sun Jun 21 04:00:00 2020 -# Fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D -# Fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41 -# Certificate "AddTrust Low-Value Services Root" -# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE -# Serial Number: 1 (0x1) -# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE -# Not Valid Before: Tue May 30 10:38:31 2000 -# Not Valid After : Sat May 30 10:38:31 2020 -# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC -# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D -# Certificate "RSA Security 2048 v3" -# Issuer: OU=RSA Security 2048 V3,O=RSA Security Inc -# Serial Number:0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02 -# Subject: OU=RSA Security 2048 V3,O=RSA Security Inc -# Not Valid Before: Thu Feb 22 20:39:23 2001 -# Not Valid After : Sun Feb 22 20:39:23 2026 -# Fingerprint (MD5): 77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E -# Fingerprint (SHA1): 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42 -# Trust for Certificate "RSA Security 2048 v3" -# Issuer: OU=RSA Security 2048 V3,O=RSA Security Inc -# Serial Number:0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02 -# Subject: OU=RSA Security 2048 V3,O=RSA Security Inc -# Not Valid Before: Thu Feb 22 20:39:23 2001 -# Not Valid After : Sun Feb 22 20:39:23 2026 -# Fingerprint (MD5): 77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E -# Fingerprint (SHA1): 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42 # Certificate "GeoTrust Global CA" # Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US -# Certificate "IGC/A" -# Issuer: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR -# Serial Number:39:11:45:10:94 -# Subject: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR -# Not Valid Before: Fri Dec 13 14:29:23 2002 -# Not Valid After : Sat Oct 17 14:29:22 2020 -# Fingerprint (MD5): 0C:7F:DD:6A:F4:2A:B9:C8:9B:BD:20:7E:A9:DB:5C:37 -# Fingerprint (SHA1): 60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C -# Trust for Certificate "IGC/A" -# Issuer: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR -# Serial Number:39:11:45:10:94 -# Subject: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR -# Not Valid Before: Fri Dec 13 14:29:23 2002 -# Not Valid After : Sat Oct 17 14:29:22 2020 -# Fingerprint (MD5): 0C:7F:DD:6A:F4:2A:B9:C8:9B:BD:20:7E:A9:DB:5C:37 -# Fingerprint (SHA1): 60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C # Distrust "Distrusted AC DG Tresor SSL" # Issuer: CN=AC DGTPE Signature Authentification,O=DGTPE,C=FR # Serial Number: 204199 (0x31da7) -# Certificate "S-TRUST Authentication and Encryption Root CA 2005 PN" -# Issuer: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE -# Serial Number:37:19:18:e6:53:54:7c:1a:b5:b8:cb:59:5a:db:35:b7 -# Subject: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE -# Not Valid Before: Wed Jun 22 00:00:00 2005 -# Not Valid After : Fri Jun 21 23:59:59 2030 -# Fingerprint (MD5): 04:4B:FD:C9:6C:DA:2A:32:85:7C:59:84:61:46:8A:64 -# Fingerprint (SHA1): BE:B5:A9:95:74:6B:9E:DF:73:8B:56:E6:DF:43:7A:77:BE:10:6B:81 -# Trust for Certificate "S-TRUST Authentication and Encryption Root CA 2005 PN" -# Issuer: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE -# Serial Number:37:19:18:e6:53:54:7c:1a:b5:b8:cb:59:5a:db:35:b7 -# Subject: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE -# Not Valid Before: Wed Jun 22 00:00:00 2005 -# Not Valid After : Fri Jun 21 23:59:59 2030 -# Fingerprint (MD5): 04:4B:FD:C9:6C:DA:2A:32:85:7C:59:84:61:46:8A:64 -# Fingerprint (SHA1): BE:B5:A9:95:74:6B:9E:DF:73:8B:56:E6:DF:43:7A:77:BE:10:6B:81 # Certificate "Microsec e-Szigno Root CA" # Issuer: CN=Microsec e-Szigno Root CA,OU=e-Szigno CA,O=Microsec Ltd.,L=Budapest,C=HU -# Certificate "Buypass Class 2 CA 1" -# Issuer: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO -# Serial Number: 1 (0x1) -# Subject: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO -# Not Valid Before: Fri Oct 13 10:25:09 2006 -# Not Valid After : Thu Oct 13 10:25:09 2016 -# Fingerprint (MD5): B8:08:9A:F0:03:CC:1B:0D:C8:6C:0B:76:A1:75:64:23 -# Fingerprint (SHA1): A0:A1:AB:90:C9:FC:84:7B:3B:12:61:E8:97:7D:5F:D3:22:61:D3:CC -# Trust for Certificate "Buypass Class 2 CA 1" -# Issuer: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO -# Serial Number: 1 (0x1) -# Subject: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO -# Not Valid Before: Fri Oct 13 10:25:09 2006 -# Not Valid After : Thu Oct 13 10:25:09 2016 -# Fingerprint (MD5): B8:08:9A:F0:03:CC:1B:0D:C8:6C:0B:76:A1:75:64:23 -# Fingerprint (SHA1): A0:A1:AB:90:C9:FC:84:7B:3B:12:61:E8:97:7D:5F:D3:22:61:D3:CC -# Certificate "EBG Elektronik Sertifika Hizmet Saglayicisi" -# Issuer: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s.. -# Serial Number:4c:af:73:42:1c:8e:74:02 -# Subject: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s.. -# Not Valid Before: Thu Aug 17 00:21:09 2006 -# Not Valid After : Sun Aug 14 00:31:09 2016 -# Fingerprint (MD5): 2C:20:26:9D:CB:1A:4A:00:85:B5:B7:5A:AE:C2:01:37 -# Fingerprint (SHA1): 8C:96:BA:EB:DD:2B:07:07:48:EE:30:32:66:A0:F3:98:6E:7C:AE:58 -# Trust for Certificate "EBG Elektronik Sertifika Hizmet Saglayicisi" -# Issuer: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s.. -# Serial Number:4c:af:73:42:1c:8e:74:02 -# Subject: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s.. -# Not Valid Before: Thu Aug 17 00:21:09 2006 -# Not Valid After : Sun Aug 14 00:31:09 2016 -# Fingerprint (MD5): 2C:20:26:9D:CB:1A:4A:00:85:B5:B7:5A:AE:C2:01:37 -# Fingerprint (SHA1): 8C:96:BA:EB:DD:2B:07:07:48:EE:30:32:66:A0:F3:98:6E:7C:AE:58 # Certificate "certSIGN ROOT CA" # Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO -# Certificate "Juur-SK" -# Issuer: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee -# Serial Number: 999181308 (0x3b8e4bfc) -# Subject: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee -# Not Valid Before: Thu Aug 30 14:23:01 2001 -# Not Valid After : Fri Aug 26 14:23:01 2016 -# Fingerprint (MD5): AA:8E:5D:D9:F8:DB:0A:58:B7:8D:26:87:6C:82:35:55 -# Fingerprint (SHA1): 40:9D:4B:D9:17:B5:5C:27:B6:9B:64:CB:98:22:44:0D:CD:09:B8:89 -# Trust for Certificate "Juur-SK" -# Issuer: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee -# Serial Number: 999181308 (0x3b8e4bfc) -# Subject: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee -# Not Valid Before: Thu Aug 30 14:23:01 2001 -# Not Valid After : Fri Aug 26 14:23:01 2016 -# Fingerprint (MD5): AA:8E:5D:D9:F8:DB:0A:58:B7:8D:26:87:6C:82:35:55 -# Fingerprint (SHA1): 40:9D:4B:D9:17:B5:5C:27:B6:9B:64:CB:98:22:44:0D:CD:09:B8:89 # Certificate "Hongkong Post Root CA 1" # Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK -# Certificate "Verisign Class 1 Public Primary Certification Authority" +# Certificate "Microsec e-Szigno Root CA 2009" -# Issuer: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Serial Number:3f:69:1e:81:9c:f0:9a:4a:f3:73:ff:b9:48:a2:e4:dd -# Subject: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Jan 29 00:00:00 1996 -# Not Valid After : Wed Aug 02 23:59:59 2028 -# Fingerprint (MD5): 86:AC:DE:2B:C5:6D:C3:D9:8C:28:88:D3:8D:16:13:1E -# Fingerprint (SHA1): CE:6A:64:A3:09:E4:2F:BB:D9:85:1C:45:3E:64:09:EA:E8:7D:60:F1 +# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU +# Serial Number:00:c2:7e:43:04:4e:47:3f:19 +# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU +# Not Valid Before: Tue Jun 16 11:30:18 2009 +# Not Valid After : Sun Dec 30 11:30:18 2029 +# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1 +# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E -# Trust for Certificate "Verisign Class 1 Public Primary Certification Authority" -# Issuer: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Serial Number:3f:69:1e:81:9c:f0:9a:4a:f3:73:ff:b9:48:a2:e4:dd -# Subject: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US -# Not Valid Before: Mon Jan 29 00:00:00 1996 -# Not Valid After : Wed Aug 02 23:59:59 2028 -# Fingerprint (MD5): 86:AC:DE:2B:C5:6D:C3:D9:8C:28:88:D3:8D:16:13:1E -# Fingerprint (SHA1): CE:6A:64:A3:09:E4:2F:BB:D9:85:1C:45:3E:64:09:EA:E8:7D:60:F1 -# Certificate "Microsec e-Szigno Root CA 2009" -# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU -# Serial Number:00:c2:7e:43:04:4e:47:3f:19 -# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU -# Not Valid Before: Tue Jun 16 11:30:18 2009 -# Not Valid After : Sun Dec 30 11:30:18 2029 -# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1 -# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E -# Certificate "Root CA Generalitat Valenciana" -# Issuer: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES -# Serial Number: 994436456 (0x3b45e568) -# Subject: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES -# Not Valid Before: Fri Jul 06 16:22:47 2001 -# Not Valid After : Thu Jul 01 15:22:47 2021 -# Fingerprint (MD5): 2C:8C:17:5E:B1:54:AB:93:17:B5:36:5A:DB:D1:C6:F2 -# Fingerprint (SHA1): A0:73:E5:C5:BD:43:61:0D:86:4C:21:13:0A:85:58:57:CC:9C:EA:46 -# Trust for Certificate "Root CA Generalitat Valenciana" -# Issuer: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES -# Serial Number: 994436456 (0x3b45e568) -# Subject: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES -# Not Valid Before: Fri Jul 06 16:22:47 2001 -# Not Valid After : Thu Jul 01 15:22:47 2021 -# Fingerprint (MD5): 2C:8C:17:5E:B1:54:AB:93:17:B5:36:5A:DB:D1:C6:F2 -# Fingerprint (SHA1): A0:73:E5:C5:BD:43:61:0D:86:4C:21:13:0A:85:58:57:CC:9C:EA:46 # Certificate "TWCA Root Certification Authority" # Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW +# Certificate "ISRG Root X1" +# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US +# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00 +# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US +# Not Valid Before: Thu Jun 04 11:04:38 2015 +# Not Valid After : Mon Jun 04 11:04:38 2035 +# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 +# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 +# Trust for "ISRG Root X1" +# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US +# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00 +# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US +# Not Valid Before: Thu Jun 04 11:04:38 2015 +# Not Valid After : Mon Jun 04 11:04:38 2035 +# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 +# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 +# Certificate "AC RAIZ FNMT-RCM" +# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES +# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07 +# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES +# Not Valid Before: Wed Oct 29 15:59:56 2008 +# Not Valid After : Tue Jan 01 00:00:00 2030 +# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA +# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20 +# Trust for "AC RAIZ FNMT-RCM" +# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES +# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07 +# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES +# Not Valid Before: Wed Oct 29 15:59:56 2008 +# Not Valid After : Tue Jan 01 00:00:00 2030 +# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA +# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20 +# Certificate "Amazon Root CA 1" +# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US +# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca +# Subject: CN=Amazon Root CA 1,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sun Jan 17 00:00:00 2038 +# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E +# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 +# Trust for "Amazon Root CA 1" +# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US +# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca +# Subject: CN=Amazon Root CA 1,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sun Jan 17 00:00:00 2038 +# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E +# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 +# Certificate "Amazon Root CA 2" +# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US +# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37 +# Subject: CN=Amazon Root CA 2,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 +# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A +# Trust for "Amazon Root CA 2" +# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US +# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37 +# Subject: CN=Amazon Root CA 2,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 +# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A +# Certificate "Amazon Root CA 3" +# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US +# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a +# Subject: CN=Amazon Root CA 3,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 +# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E +# Trust for "Amazon Root CA 3" +# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US +# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a +# Subject: CN=Amazon Root CA 3,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 +# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E +# Certificate "Amazon Root CA 4" +# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US +# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e +# Subject: CN=Amazon Root CA 4,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 +# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE +# Trust for "Amazon Root CA 4" +# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US +# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e +# Subject: CN=Amazon Root CA 4,O=Amazon,C=US +# Not Valid Before: Tue May 26 00:00:00 2015 +# Not Valid After : Sat May 26 00:00:00 2040 +# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 +# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE +# Certificate "LuxTrust Global Root 2" +# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU +# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1 +# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU +# Not Valid Before: Thu Mar 05 13:21:57 2015 +# Not Valid After : Mon Mar 05 13:21:57 2035 +# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5 +# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F +# Trust for "LuxTrust Global Root 2" +# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU +# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1 +# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU +# Not Valid Before: Thu Mar 05 13:21:57 2015 +# Not Valid After : Mon Mar 05 13:21:57 2035 +# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5 +# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F +# Certificate "Symantec Class 1 Public Primary Certification Authority - G6" +# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98 +# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Tue Oct 18 00:00:00 2011 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9 +# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64 +# Trust for "Symantec Class 1 Public Primary Certification Authority - G6" +# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98 +# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Tue Oct 18 00:00:00 2011 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9 +# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64 +# Certificate "Symantec Class 2 Public Primary Certification Authority - G6" +# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41 +# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Tue Oct 18 00:00:00 2011 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0 +# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F +# Trust for "Symantec Class 2 Public Primary Certification Authority - G6" +# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41 +# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Tue Oct 18 00:00:00 2011 +# Not Valid After : Tue Dec 01 23:59:59 2037 +# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0 +# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F +# Certificate "Symantec Class 1 Public Primary Certification Authority - G4" +# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8 +# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Wed Oct 05 00:00:00 2011 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF +# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67 +# Trust for "Symantec Class 1 Public Primary Certification Authority - G4" +# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8 +# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Wed Oct 05 00:00:00 2011 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF +# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67 +# Certificate "Symantec Class 2 Public Primary Certification Authority - G4" +# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e +# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Wed Oct 05 00:00:00 2011 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92 +# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B +# Trust for "Symantec Class 2 Public Primary Certification Authority - G4" +# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e +# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US +# Not Valid Before: Wed Oct 05 00:00:00 2011 +# Not Valid After : Mon Jan 18 23:59:59 2038 +# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92 +# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B
2017-02-03Updated www/py-feedgenerator to 1.9nils1-1/+2
2017-02-03Updated www/py-feedgenerator to 1.9.nils2-8/+8
No upstream changelog available. New homepage for the project (on GitHub).
2017-02-03Updated x11/xdg-user-dirs to 0.15nb2leot1-1/+2
2017-02-03${PKG_SYSCONFDIR} could not exist, add it to MAKE_DIRS to fix PR pkg/51940leot1-3/+4
reported by Paul Goyette. Bump PKGREVISION
2017-02-03Updated x11/libxklavier to 5.4nb2wiz1-1/+2
2017-02-03Remove gobject-introspection bl3.mk, introspection is disabled.wiz1-4/+3
Bump PKGREVISION. Noted by John D. Baker on tech-pkg.
2017-02-03Updated devel/p5-Pegex to 0.63wen1-1/+2
2017-02-03Update to 0.63wen2-7/+7
Upstream changes: 0.63 Sat Jan 14 09:31:43 PST 2017 - Fixed colors on older perls. TINITA++ - Changed on/off to always/never. TINITA++ 0.62 Fri Jan 13 22:37:55 PST 2017 - Debug color and indent options added by TINITA++ - Recursion controls. Apply PR/46 by @pdl++ (refactored) - Support Perl regex look-behind assertions
2017-02-03Updated devel/p5-MooseX-Types to 0.49wen1-1/+2
2017-02-03Update to 0.49wen2-7/+7
Upstream changes: 0.49 2016-12-23 00:12:12Z - made the exported is_Foo and to_Foo subs much faster, especially for type constraints which can be inlined. (Dave Rolsky)
2017-02-03Updated devel/p5-MooseX-Types-Common to 0.001014wen1-1/+2
2017-02-03Update to 0.001014wen2-8/+7
Upstream changes: 0.001014 2017-01-19 02:29:46Z - provide inlined version of NumericCode (Gregory Oschwald, GitHub PR#4)
2017-02-03Updated devel/p5-Moose to 2.2004wen1-1/+2
2017-02-03Update to 2.2004wen2-7/+7
Upstream changes: 2.2004 2017-01-31 [BUG FIXES] - When an attribute was specified as 'rw' and you also provided an accessor name matching the attribute and there was an explicit writer, Moose would try to make an additional reader access with the same name as the attribute. Then Moose would warn about overwriting an accessor with a reader. This is related to the bugs reported in RT #120040. 2.2003 2017-01-30 [BUG FIXES] - Moose could die when attempting to warn about overwriting an attribute's access method in some cases (since version 2.1902) (RT #120040) 2.2002 2017-01-30 [BUG FIXES] - Creating a Moose subclass of a Moo class with an attribute with a delegation would cause a warning (since version 2.1902).
2017-02-02Updated x11/st-term to 0.7nb1leot1-1/+2
2017-02-02Adjust config.def.h to use the default monospace font (similarly to x11/dmenuleot1-2/+4
and wm/dwm) Bump PKGREVISION
2017-02-02Updated www/py-pelican to 3.7.1nils1-1/+2
2017-02-02Updated www/pelican to 3.7.1nils2-8/+15
Upstream changes : 3.6.3 to 3.7.0 : Atom feeds output <content> in addition to <summary> Atom feeds use <published> for the original publication date and <updated> for modifications Simplify Atom feed ID generation and support URL fragments Produce category feeds with category-specific titles RSS feeds now default to summary instead of full content — set RSS_FEED_SUMMARY_ONLY = False to revert to previous behavior Replace MD_EXTENSIONS with MARKDOWN setting Replace JINJA_EXTENSIONS with more-robust JINJA_ENVIRONMENT setting Improve summary truncation logic to handle special characters and tags that span multiple lines, using HTML parser instead of regular expressions Include summary when looking for intra-site link substitutions Link to authors and index via {author}name and {index} syntax Override widget names via LINKS_WIDGET_NAME and SOCIAL_WIDGET_NAME Add INDEX_SAVE_AS option to override default index.html value Remove PAGES context variable for themes in favor of pages SLUG_SUBSTITUTIONS now accepts 3-tuple elements, allowing URL slugs to contain non-alphanumeric characters Tag and category slugs can be controlled with greater precision using the TAG_SUBSTITUTIONS and CATEGORY_SUBSTITUTIONS settings Author slugs can be controlled with greater precision using the AUTHOR_SUBSTITUTIONS setting DEFAULT_DATE can be defined as a string Use mtime instead of ctime when DEFAULT_DATE = 'fs' Add --fatal=errors|warnings option for use with continuous integration When using generator-level caching, ensure previously-cached files are processed instead of just new files Add Python and Pelican version information to debug output Improve compatibility with Python 3.5 Comply with and enforce PEP8 guidelines Replace tables in settings documentation with data:: directives 3.7.0 to 3.7.1 : Fix locale issues in Quickstart script Specify encoding for README and CHANGELOG in setup.py Pkgsrc changes : removed import of pelican in docs generation, which prevented building the package
2017-02-02Add missing Python 3 PLIST entriesfhajny1-1/+16
2017-02-02Updated x11/xf86-video-ati to 7.8.0nb1wiz1-1/+2
2017-02-02Updated xf86-video-ati to 7.8.0nb1:wiz3-2/+63
Add patch from PR 50067 by David Shao, which comes from FreeBSD ports/Dragonfly overlay, to improve the situation on FreeBSD and Dragonfly.
2017-02-02Updated x11/xkeyboard-config to 2.20wiz1-1/+2
2017-02-02Updated xkeyboard-config to 2.20.wiz2-7/+7
Emil Velikov (1): autogen.sh: use quoted string variables Michal Suchanek (1): ctrl: add missing modifier_map Mihail Konev (1): autogen: add default patch prefix Peter Hutterer (3): Drop AM_MAINTAINER_MODE autogen.sh: honor NOCONFIGURE=1 autogen.sh: use exec instead of waiting for configure to finish Sergey Udaltsov (13): Add missing Arabic diacritics to Arabic layouts Restored original RALT behavior for German Rulemak layout (Colemak based Russian phonetic layout) fixed credits Add Elfdalian layout Fixed al(plisi) Added ruble to rulemak Changed AltGr+t to Turkish Lira (instead of trademark) prerelease 2.19.99 for translations Added Lira to Turkish F layout as well Updated translations, prerelease Erroneous patch applied for modifiers Release 2.20 Stefan Tauner (2): symbols/de: use rightsinglequotemark on BKSL in all variants symbols/de: Fix whitespace after adding rightsinglequotemark
2017-02-02Updated net/libpcap to 1.8.1maya2-3/+3
2017-02-02libpcap: update to 1.8.1maya4-45/+79
Tuesday, Oct. 25, 2016 mcr@sandelman.ca Summary for 1.8.1 libpcap release Add a target in Makefile.in for Exuberant Ctags use: 'extags'. Rename configure.in to configure.ac: autoconf 2.59 Clean up the name-to-DLT mapping table. Add some newer DLT_ values: IPMI_HPM_2,ZWAVE_R1_R2,ZWAVE_R3,WATTSTOPPER_DLM,ISO_14443,RDS Clarify what the return values are for both success and failure. Many changes to build on windows Check for the "break the loop" condition in the inner loop for TPACKET_V3. Fix handling of packet count in the TPACKET_V3 inner loop: GitHub issue #493. Filter out duplicate looped back CAN frames. Fix the handling of loopback filters for IPv6 packets. Add a link-layer header type for RDS (IEC 62106) groups. Use different intermediate folders for x86 and x64 builds on Windows. On Linux, handle all CAN captures with pcap-linux.c, in cooked mode. Removes the need for the "host-endian" link-layer header type. Compile with '-Wused-but-marked-unused' in devel mode if supported Have separate DLTs for big-endian and host-endian SocketCAN headers. Reflect version.h being renamed to pcap_version.h. Require that version.h be generated: all build procedures we support generate version.h (autoconf, CMake, MSVC)! Properly check for sock_recv() errors. Re-impose some of Winsock's limitations on sock_recv(). Replace sprintf() with pcap_snprintf(). Fix signature of pcap_stats_ex_remote(). Initial cmake support for remote packet capture. Have rpcap_remoteact_getsock() return a SOCKET and supply an "is active" flag. Clean up {DAG, Septel, Myricom SNF}-only builds. Do UTF-16-to-ASCII conversion into the right place. pcap_create_interface() needs the interface name on Linux. Clean up hardware time stamp support: the "any" device does not support any time stamp types. Add support for capturing on FreeBSD usbusN interfaces. Add a LINKTYPE/DLT_ value for FreeBSD USB. Go back to using PCAP_API on Windows. CMake support Add TurboCap support from WinPcap. Recognize 802.1ad nested VLAN tag in vlan filter. Thursday Sep. 3, 2015 guy@alum.mit.edu Summary for 1.7.5 libpcap release Man page cleanups. Add some allocation failure checks. Fix a number of Linux/ucLinux configure/build issues. Fix some memory leaks. Recognize 802.1ad nested VLAN tag in vlan filter. Fix building Bluetooth Linux Monitor support with BlueZ 5.1+
2017-02-02Updated x11/xauth to 1.0.10wiz1-1/+2
2017-02-02Updated xauth to 1.0.10.wiz2-7/+7
Alan Coopersmith (2): include POSIX-standard limits.h for PATH_MAX instead of sys/syslimits.h autogen.sh: Honor NOCONFIGURE=1 Dr. Tilmann Bubeck (2): Clarified RELEASING in README Fix for xauth failing on ENOSPC (= disk full) Emil Velikov (1): autogen.sh: use quoted string variables Jeremy Huddleston Sequoia (1): Update DISPLAY parsing to work with new launchd paths in Yosemite Jon TURNEY (1): Fix !HAVE_STRLCPY case Matt Turner (2): Build xauth before running tests. xauth 1.0.10 Mihail Konev (1): autogen: add default patch prefix Peter Hutterer (2): autogen.sh: stop using maintainer mode autogen.sh: use exec instead of waiting for configure to finish Søren Sandmann Pedersen (1): usage(): Print summary for the -n option
2017-02-02Updated devel/xorg-util-macros to 1.19.1wiz1-1/+2
2017-02-02Updated xorg-util-macros to 1.19.1.wiz2-7/+7
Alan Coopersmith (1): XORG_MANPAGE_SECTIONS: limit SysV man page sections to Solaris 2.0-11 Andreas Boll (1): Fix XORG_WITH_XMLTO to work with xmlto >= 0.0.27 Emil Velikov (1): autogen.sh: use quoted string variables Matt Turner (1): Version bump: 1.19.1 Mihail Konev (1): autogen: add default patch prefix Peter Hutterer (1): autogen.sh: use exec instead of waiting for configure to finish
2017-02-02Updated x11/xconsole to 1.0.7wiz1-1/+2
2017-02-02Updated xconsole to 1.0.7.wiz2-7/+7
Alan Coopersmith (3): configure: Drop AM_MAINTAINER_MODE autogen.sh: Honor NOCONFIGURE=1 config: add AC_USE_SYSTEM_EXTENSIONS Emil Velikov (1): autogen.sh: use quoted string variables Matt Turner (1): xconsole 1.0.7 Mihail Konev (1): autogen: add default patch prefix Peter Hutterer (1): autogen.sh: use exec instead of waiting for configure to finish
2017-02-02Updated x11/libdrm to 2.4.75wiz1-1/+2
2017-02-02Alex Xie (4):wiz2-7/+7
amdgpu: Provide more specific error message if non-privileged user runs amdgpu_test amdgpu: verify the tested device amdgpu: A new option to choose which device to run most tests amdgpu: A new option to run tests on render node Chad Versace (2): Bump version for 2.4.75 release Bump version for 2.4.75 release Chris Wilson (5): Import uapi/i915_drm.h from v4.10-rc5-950-g152d5750dda9 intel: Allow the client to control implicit synchronisation intel: Support passing of explicit fencing from execbuf intel: Clear execobject flags before preserving object in reuse cache intel: Export a function to re-enable implicit synchronisation Dave Airlie (2): Revert "Bump version for 2.4.75 release" intel: fix make distcheck Dongwon Kim (1): intel: update global_name before HASH_ADD Emil Velikov (16): xf86drm: use maj/min in drmParsePciDeviceInfo() xf86drm: add plumbing to not retrieve PCI device revision xf86drm: parse the separate sysfs files for vendor... info xf86drm: introduce drmGetDevice[s]2 tests/drmdevice: use drmGetDevice[s]2 tests: remove useless legacy tests kms: remove commented out libudev code configure: remove libudev checks tests: automake: reorder makefile contents autogen.sh: set format.subjectPrefix and sendemail.to if needed android: remove LOCAL_MODULE_TAGS := optional tag android: introduce Android.common.mk to reduce boilerplate android: add HAVE_VISIBILITY to Android.common.mk android: add note about command line defines and config.h android: silence ~550 warnings tests/nouveau: automake: fold C and CPP flags Fabio Estevam (1): README: Fix grammar Grazvydas Ignotas (1): xf86drm: fix sign-compare warning Jonathan Gray (8): xf86drm: implement drmGetMinorNameForFD for non-sysfs xf86drm: implement drmParseSubsystemType for OpenBSD xf86drm: implement drmParsePciDeviceInfo for OpenBSD xf86drm: implement drmParsePciBusInfo for OpenBSD xf86drm: implement an OpenBSD specific drmGetDevice2 xf86drm: adjust device node path for minor base xf86drm: add a non-sysfs version of drmGetDeviceNameFromFd2 xf86drm: don't fatal on per device error in drmGetDevice[s]2 Neil Armstrong (1): tests/util: Add support for meson module Seung-Woo Kim (1): libkms/exynos: fix memory leak in error path Taro Yamada (1): xf86drm: fix null termination of string buffer Thierry Reding (10): xf86drm: Fix indentation Add .editorconfig xf86drmMode.h: Use consistent padding xf86drmMode.h: Add DisplayPort MST and DPI encoders/connectors xf86drm: Fix type-punned pointer build warning xf86drm: Factor out drmDeviceAlloc() xf86drm: Add USB support xf86drm: Add platform and host1x bus support tests/drmdevice: Add USB, platform and host1x support xf86drm: Reuse sysfs_uevent_get() Tomasz Figa (1): tests: Use -pthread in CFLAGS instead of -lpthread Ville Syrjälä (1): modetest: Allow the user to specify the plane ID
2017-02-02Updated security/fail2ban to 0.9.6nils1-1/+2
2017-02-02Updated security/fail2ban to 0.9.6.nils3-12/+22
Upstream changelog : * Misleading add resp. enable of (already available) jail in database, that induced a subsequent error: last position of log file will be never retrieved (gh-795) * Fixed a distribution related bug within testReadStockJailConfForceEnabled (e.g. test-cases faults on Fedora, see gh-1353) * Fixed pythonic filters and test scripts (running via wrong python version, uses "fail2ban-python" now); * Fixed test case "testSetupInstallRoot" for not default python version (also using direct call, out of virtualenv); * Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512); * FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540) * Monit config: scripting is not supported in path (gh-1556) * `filter.d/apache-modsecurity.conf` - Fixed for newer version (one space, gh-1626), optimized: non-greedy catch-all replaced for safer match, unneeded catch-all anchoring removed, non-capturing * `filter.d/asterisk.conf` - Fixed to match different asterisk log prefix (source file: method:) * `filter.d/dovecot.conf` - Fixed failregex ignores failures through some not relevant info (gh-1623) * `filter.d/ignorecommands/apache-fakegooglebot` - Fixed error within apache-fakegooglebot, that will be called with wrong python version (gh-1506) * `filter.d/assp.conf` - Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494) * `filter.d/postfix-sasl.conf` - Allow for having no trailing space after 'failed:' (gh-1497) * `filter.d/vsftpd.conf` - Optional reason part in message after FAIL LOGIN (gh-1543) * `filter.d/sendmail-reject.conf` - removed mandatory double space (if dns-host available, gh-1579) * filter.d/sshd.conf - recognized "Failed publickey for" (gh-1477); - optimized failregex to match all of "Failed any-method for ... from <HOST>" (gh-1479) - eliminated possible complex injections (on user-name resp. auth-info, see gh-1479) - optional port part after host (see gh-1533, gh-1581) * New Actions: - `action.d/npf.conf` for NPF, the latest packet filter for NetBSD * New Filters: - `filter.d/mongodb-auth.conf` for MongoDB (document-oriented NoSQL database engine) (gh-1586, gh-1606 and gh-1607) * DateTemplate regexp extended with the word-end boundary, additionally to word-start boundary * Introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located): - allows to use the same version, fail2ban currently running, e.g. in external scripts just via replace python with fail2ban-python: ```diff -#!/usr/bin/env python +#!/usr/bin/env fail2ban-python ``` - always the same pickle protocol - the same (and also guaranteed available) fail2ban modules - simplified stand-alone install, resp. stand-alone installation possibility via setup (like gh-1487) is getting closer * Several test cases rewritten using new methods assertIn, assertNotIn * New forward compatibility method assertRaisesRegexp (normally python >= 2.7). Methods assertIn, assertNotIn, assertRaisesRegexp, assertLogged, assertNotLogged are test covered now * Jail configuration extended with new syntax to pass options to the backend (see gh-1408), examples: - `backend = systemd[journalpath=/run/log/journal/machine-1]` - `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]` - `backend = systemd[journalflags=2]`
2017-02-02Updated net/tcpdump to 4.9.0maya2-3/+3
2017-02-02tcpdump: update to 4.9.0maya2-7/+7
fixes the most crazy number of buffer overflow CVEs in printing functions (41 of them). changelog Wednesday January 18, 2017 devel.fx.lebail@orange.fr Summary for 4.9.0 tcpdump release General updates: Improve separation frontend/backend (tcpdump/libnetdissect) Don't require IPv6 library support in order to support IPv6 addresses Introduce data types to use for integral values in packet structures Fix display of timestamps with -tt, -ttt and -ttttt options Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others (More information in the log with CVE-2016-* and CVE-2017-*) Change the way protocols print link-layer addresses (Fix heap overflows in CALM-FAST and GeoNetworking printers) Pass correct caplen value to ether_print() and some other functions Fix lookup_nsap() to match what isonsap_string() expects Clean up relative time stamp printing (Fix an array overflow) Fix some alignment issues with GCC on Solaris 10 SPARC Add some ND_TTEST_/ND_TCHECK_ macros to simplify writing bounds checks Add a fn_printztn() which returns the number of bytes processed Add nd_init() and nd_cleanup() functions. Improve libsmi support Add CONTRIBUTING file Add a summary comment in all printers Compile with more warning options in devel mode if supported (-Wcast-qual, ...) Fix some leaks found by Valgrind/Memcheck Fix a bunch of de-constifications Squelch some Coverity warnings and some compiler warnings Update Coverity and Travis-CI setup Update Visual Studio files Frontend: Fix capsicum support to work with zerocopy buffers in bpf Try opening interfaces by name first, then by name-as-index Work around pcap_create() failures fetching time stamp type lists Fix a segmentation fault with 'tcpdump -J' Improve addrtostr6() bounds checking Add exit_tcpdump() function Don't drop CAP_SYS_CHROOT before chrooting Fixes issue where statistics not reported when -G and -W options used New printers supporting: Generic Protocol Extension for VXLAN (VXLAN-GPE) Home Networking Control Protocol (HNCP), RFCs 7787 and 7788 Locator/Identifier Separation Protocol (LISP), type 3 and type 4 packets Marvell Extended Distributed Switch Architecture header (MEDSA) Network Service Header (NSH) REdis Serialization Protocol (RESP) Updated printers: 802.11: Beginnings of 11ac radiotap support 802.11: Check the Protected bit for management frames 802.11: Do bounds checking on last_presentp before dereferencing it (Fix a heap overflow) 802.11: Fix the radiotap printer to handle the special bits correctly 802.11: If we have the MCS field, it's 11n 802.11: Only print unknown frame type or subtype messages once 802.11: Radiotap dBm values get printed as dB; Update a test output accordingly 802.11: Source and destination addresses were backwards AH: Add a bounds check AH: Report to our caller that dissection failed if a bounds check fails AP1394: Print src > dst, not dst > src ARP: Don't assume the target hardware address is <= 6 octets long (Fix a heap overflow) ATALK: Add bounds and length checks (Fix heap overflows) ATM: Add some bounds checks (Fix a heap overflow) ATM: Fix an incorrect bounds check BFD: Update specification from draft to RFC 5880 BFD: Update to print optional authentication field BGP: Add decoding of ADD-PATH capability BGP: Add support for the AIGP attribute (RFC7311) BGP: Print LARGE_COMMUNITY Path Attribute BGP: Update BGP numbers from IANA; Print minor values for FSM notification BOOTP: Add a bounds check Babel: Add decoder for source-specific extension CDP: Filter out non-printable characters CFM: Fixes to match the IEEE standard, additional bounds and length checks CSLIP: Add more bounds checks (Fix a heap overflow) ClassicalIPoATM: Add a bounds check on LLC+SNAP header (Fix a heap overflow) DHCP: Fix MUDURL and TZ options DHCPv6: Process MUDURL and TZ options DHCPv6: Update Status Codes with RFCs/IANA names DNS: Represent the "DNSSEC OK" bit as "DO" instead of "OK". Add a test case DTP: Improve packet integrity checks EGP: Fix bounds checks ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later ESP: Handle OpenSSL 1.1.x Ethernet: Add some bounds checking before calling isoclns_print (Fix a heap overflow) Ethernet: Print the Length/Type field as length when needed FDDI: Fix -e output for FDDI FR: Add some packet-length checks and improve Q.933 printing (Fix heap overflows) GRE: Add some bounds checks (Fix heap overflows) Geneve: Fix error message with invalid option length; Update list option classes HNCP: Fix incorrect time interval format. Fix handling of IPv4 prefixes ICMP6: Fetch a 32-bit big-endian quantity with EXTRACT_32BITS() ICMP6: dagid is always an IPv6 address, not an opaque 128-bit string IGMP: Add a length check IP: Add a bounds check (Fix a heap overflow) IP: Check before fetching the protocol version (Fix a heap overflow) IP: Don't try to dissect if IP version != 4 (Fix a heap overflow) IP: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP IPComp: Check whether we have the CPI before we fetch it (Fix a heap overflow) IPoFC: Fix -e output (IP-over-Fibre Channel) IPv6: Don't overwrite the destination IPv6 address for routing headers IPv6: Fix header printing IPv6: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP ISAKMP: Clean up parsing of IKEv2 Security Associations ISOCLNS/IS-IS: Add support for Purge Originator Identifier (RFC6232) and test cases ISOCLNS/IS-IS: Don't overwrite packet data when checking the signature ISOCLNS/IS-IS: Filter out non-printable characters ISOCLNS/IS-IS: Fix segmentation faults ISOCLNS/IS-IS: Have signature_verify() do the copying and clearing ISOCLNS: Add some bounds checks Juniper: Make sure a Juniper header TLV isn't bigger than what's left in the packet (Fix a heap overflow) LLC/SNAP: With -e, print the LLC header before the SNAP header; without it, cut the SNAP header LLC: Add a bounds check (Fix a heap overflow) LLC: Clean up printing of LLC packets LLC: Fix the printing of RFC 948-style IP packets LLC: Skip the LLC and SNAP headers with -x for 802.11 and some other protocols LLDP: Implement IANA OUI and LLDP MUD option MPLS LSP ping: Update printing for RFC 4379, bug fixes, more bounds checks MPLS: "length" is now the *remaining* packet length MPLS: Add bounds and length checks (Fix a heap overflow) NFS: Add a test that makes unaligned accesses NFS: Don't assume the ONC RPC header is nicely aligned NFS: Don't overflow the Opaque_Handle buffer (Fix a segmentation fault) NFS: Don't run past the end of an NFSv3 file handle OLSR: Add a test to cover a HNA sgw case OLSR: Fix 'Advertised networks' count OLSR: Fix printing of smart-gateway HNAs in IPv4 OSPF: Add a bounds check for the Hello packet options OSPF: Do more bounds checking OSPF: Fix a segmentation fault OSPF: Fix printing 'ospf_topology_values' default OTV: Add missing bounds checks PGM: Print the formatted IP address, not the raw binary address, as a string PIM: Add some bounds checking (Fix a heap overflow) PIMv2: Fix checksumming of Register messages PPI: Pass an adjusted struct pcap_pkthdr to the sub-printer PPP: Add some bounds checks (Fix a heap overflow) PPP: Report invalid PAP AACK/ANAK packets Q.933: Add a missing bounds check RADIUS: Add Value 13 "VLAN" to Tunnel-Type attribute RADIUS: Filter out non-printable characters RADIUS: Translate UDP/1700 as RADIUS RESP: Do better checking of RESP packets RPKI-RTR: Add a return value check for "fn_printn" call RPKI-RTR: Remove printing when truncated condition already detected RPL: Fix 'Consistency Check' control code RPL: Fix suboption print RSVP: An INTEGRITY object in a submessage covers only the submessage RSVP: Fix an infinite loop; Add bounds and length checks RSVP: Fix some if statements missing brackets RSVP: Have signature_verify() do the copying and clearing RTCP: Add some bounds checks RTP: Add some bounds checks, fix two segmentation faults SCTP: Do more bounds checking SFLOW: Fix bounds checking SLOW: Fix bugs, add checks SMB: Before fetching the flags2 field, make sure we have it SMB: Do bounds checks on NBNS resource types and resource data lengths SNMP: Clean up the "have libsmi but no modules loaded" case SNMP: Clean up the object abbreviation list and fix the code to match them SNMP: Do bounds checks when printing character and octet strings SNMP: Improve ASN.1 bounds checks SNMP: More bounds and length checks STP: Add a bunch of bounds checks, and fix some printing (Fix heap overflows) STP: Filter out non-printable characters TCP: Add bounds and length checks for packets with TCP option 20 TCP: Correct TCP option Kind value for TCP Auth and add SCPS-TP TCP: Fix two bounds checks (Fix heap overflows) TCP: Make sure we have the data offset field before fetching it (Fix a heap overflow) TCP: Put TCP-AO option decoding right TFTP: Don't use strchr() to scan packet data (Fix a heap overflow) Telnet: Add some bounds checks TokenRing: Fix -e output UDLD: Fix an infinite loop UDP: Add a bounds check (Fix a heap overflow) UDP: Check against the packet length first UDP: Don't do the DDP-over-UDP heuristic check up front VAT: Add some bounds checks VTP: Add a test on Mgmt Domain Name length VTP: Add bounds checks and filter out non-printable characters VXLAN: Add a bound check and a test case ZeroMQ: Fix an infinite loop Tuesday October 25, 2016 mcr@sandelman.ca Summary for 4.8.1 tcpdump release Fix "-x" for Apple PKTAP and PPI packets Use PRIx64 to print a 64-bit number in hex. Printer for HNCP (RFCs 7787 and 7788). dagid is always an IPv6 address, not an opaque 128-bit string, and other fixes to RPL printer. RSVP: Add bounds and length checks OSPF: Do more bounds checking Handle OpenSSL 1.1.x. Initial support for the REdis Serialization Protocol known as RESP. Add printing function for Generic Protocol Extension for VXLAN draft-ietf-nvo3-vxlan-gpe-01 Network Service Header: draft-ietf-sfc-nsh-01 Don't recompile the filter if the new file has the same DLT. Pass an adjusted struct pcap_pkthdr to the sub-printer. Add three test cases for already fixed CVEs CVE-2014-8767: OLSR CVE-2014-8768: Geonet CVE-2014-8769: AODV Don't do the DDP-over-UDP heuristic first: GitHub issue #499. Use the new debugging routines in libpcap. Harmonize TCP source or destination ports tests with UDP ones Introduce data types to use for integral values in packet structures. RSVP: Fix an infinite loop Support of Type 3 and Type 4 LISP packets. Don't require IPv6 library support in order to support IPv6 addresses. Many many changes to support libnetdissect usage. Add a test that makes unaligned accesses: GitHub issue #478. add a DNSSEC test case: GH #445 and GH #467. BGP: add decoding of ADD-PATH capability fixes to LLC header printing, and RFC948-style IP packets ----------------------------------------------------------------------
2017-02-02Updated security/libressl to 2.5.1wiz1-1/+2
2017-02-02Updated libressl to 2.5.1.wiz3-54/+998
2.5.1 - Bug and security fixes, new features, documentation updates * X509_cmp_time() now passes a malformed GeneralizedTime field as an error. Reported by Theofilos Petsios. * Detect zero-length encrypted session data early, instead of when malloc(0) fails or the HMAC check fails. Noted independently by jsing@ and Kurt Cancemi. * Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate(). * Massive update and normalization of manpages, conversion to mandoc format. Many pages were rewritten for clarity and accuracy. Portable doc links are up-to-date with a new conversion tool. * Curve25519 Key Exchange support. * Support for alternate chains for certificate verification. * Code cleanups, CBS conversions, further unification of DTLS/SSL handshake code, further ASN1 macro expansion and removal. * Private symbol are now hidden in libssl and libcryto. * Friendly certificate verification error messages in libtls, peer verification is now always enabled. * Added OCSP stapling support to libtls and netcat. * Added ocspcheck utility to validate a certificate against its OCSP responder and save the reply for stapling * Enhanced regression tests and error handling for libtls. * Added explicit constant and non-constant time BN functions, defaulting to constant time wherever possible. * Moved many leaked implementation details in public structs behind opaque pointers. * Added ticket support to libtls. * Added support for setting the supported EC curves via SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of curves to be X25519, P-256 and P-384. All other curves must be manually enabled. * Added -groups option to openssl(1) s_client for specifying the curves to be used in a colon-separated list. * Merged client/server version negotiation code paths into one, reducing much duplicate code. * Removed error function codes from libssl and libcrypto. * Fixed an issue where a truncated packet could crash via an OOB read. * Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows client-initiated renegotiation. This is the default for libtls servers. * Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing. This is due to BN_mod_inverse() being used without the constant time flag being set. Reported by Cesar Pereida Garcia and Billy Brumley (Tampere University of Technology). The fix was developed by Cesar Pereida Garcia. * iOS and MacOS compatibility updates from Simone Basso and Jacob Berkman.
2017-02-02 -- Add one more package with BUILD_DEPENDS for make test.mef1-1/+2
2017-02-02 -- Add 4 packages with BUILD_DEPENDS for make testmef1-1/+7
2017-02-02Stop messing with compiler/linker bitness on SunOS. Let pkgsrc and compiler ↵fhajny3-1/+40
do its job.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-12 23:30:27 +0000