| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
i386: citrix_ica-6.30.1050
sparc: citrix_ica-6.20.985
Update provided in PR pkg/17192 by Murray Armfield.
Submitter could not find an update list to the client program but
noticed the following changes:
- Auto reconnect option
- Smart card logons
- proxy/firewall configuration changes, now takes https and netscape settings for firewall.
|
|
|
|
|
|
|
|
includes (i.e NetBSD-1.4.3). Problem pointed out by Amitai Schlair.
|
|
changes since bozohttpd 5.12:
o support .mp3 files (type audio/mpeg)
o use stat() to find out if something is a directory, for -X mode
changes since bozohttpd 5.11:
o constification
o fixes & enhancements for directory index mode (-X)
|
|
|
|
changes:
- Ignore undefined bits of "flash used" tag, as cannon sets them nonzero,
causing jhead to indicate flash used when it wasn't with some Canon models.
- Automatic rotation using jpegtran & clear rotation element
- Option to put a file in as comments (as opposed to edit file)
This adresses pkg/17816 by Eric Jacoboni
|
|
enable for NetBSD-*
This fixes pkg/16450 by Jan Schaumann.
|
|
|
|
|
|
|
|
in wrapper script
|
|
|
|
Jabber is an open, XML based Instant Messaging system that seeks
to be the standard IM network. It is a distributed system, created
from the ground up, not relying upon central servers. Thus, anyone
can run a server, and they are all interoperable. For assistance
with migrating users to Jabber, many servers feature transports
for interoperating with other IM systems.
Features:
* Message (ICQ-style) and Chat (AIM-style) modes
* Drag and drop to send to multiple contacts
* Full Unicode support
* Secure connections
* Saving contact list locally, and server sync on login
* Icon Themes
* Agent registration and searching
* Retrieving and updating User Info
* Sound support for incoming events
* Auto-away after a configurable amount of time
* Tray/dock icon for KDE/GNOME environments
* Language plugins
|
|
seem to be working fine empty, but it may be eventually be problematic
|
|
|
|
|
|
an application under the Blackbox window manager, into pkgsrc using files
provided by Anthony Mallet <anthony dot mallet at useless-ficus dot net>
in PR pkg/17831 with minor modifications by myself.
|
|
and also changes the ABI of "libcrypto" and "libssl". (So the shared
library majors and buildlink requirements are bumped, too.) The code
base is now synced perfectly with NetBSD HEAD and netbsd-1-6 branches
as of 2002-08-04, the optimization levels are reduced to "-O2", but
I've retained some of the processor optimization flags and different code
path #defines in the "Configure" script, just to keep things interesting.
The default "certs" directory on NetBSD is now "/etc/openssl/certs", to
give continuity to those who find themselves using the package system's
"openssl" after upgrading a package that formerly used the base system's.
[Suggested by itojun.] The best way to avoid such problems, however, is
to upgrade your base system *first*.
I'm making use of the new and improved build system as much as possible.
This gives us a cleaner way to make shared libraries and real man pages,
but loses many of the symlinks to the openssl binary.
I've culled items from the "CHANGES" file that appear to have security
implications or are particularly interesting for NetBSD users, below.
My comments are marked off with '===>'.
===> This is from the netbsd-20020804-patch
*) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
and get fix the header length calculation.
[Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
Alon Kantor <alonk@checkpoint.com> (and others),
Steve Henson]
Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
*) New option
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
that was added in OpenSSL 0.9.6d.
As the countermeasure turned out to be incompatible with some
broken SSL implementations, the new option is part of SSL_OP_ALL.
SSL_OP_ALL is usually employed when compatibility with weird SSL
implementations is desired (e.g. '-bugs' option to 's_client' and
's_server'), so the new option is automatically set in many
applications.
[Bodo Moeller]
*) Changes in security patch:
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
*) Add various sanity checks to asn1_get_length() to reject
the ASN1 length bytes if they exceed sizeof(long), will appear
negative or the content length exceeds the length of the
supplied buffer.
[Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
*) Assertions for various potential buffer overflows, not known to
happen in practice.
[Ben Laurie (CHATS)]
*) Various temporary buffers to hold ASCII versions of integers were
too small for 64 bit platforms. (CAN-2002-0655)
[Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
*) Remote buffer overflow in SSL3 protocol - an attacker could
supply an oversized session ID to a client. (CAN-2002-0656)
[Ben Laurie (CHATS)]
*) Remote buffer overflow in SSL2 protocol - an attacker could
supply an oversized client master key. (CAN-2002-0656)
[Ben Laurie (CHATS)]
Changes between 0.9.6c and 0.9.6d [9 May 2002]
*) Implement a countermeasure against a vulnerability recently found
in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
before application data chunks to avoid the use of known IVs
with data potentially chosen by the attacker.
[Bodo Moeller]
Changes between 0.9.6a and 0.9.6b [9 Jul 2001]
*) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>:
PRNG state recovery was possible based on the output of
one PRNG request appropriately sized to gain knowledge on
'md' followed by enough consecutive 1-byte PRNG requests
to traverse all of 'state'.
1. When updating 'md_local' (the current thread's copy of 'md')
during PRNG output generation, hash all of the previous
'md_local' value, not just the half used for PRNG output.
2. Make the number of bytes from 'state' included into the hash
independent from the number of PRNG bytes requested.
The first measure alone would be sufficient to avoid
Markku-Juhani's attack. (Actually it had never occurred
to me that the half of 'md_local' used for chaining was the
half from which PRNG output bytes were taken -- I had always
assumed that the secret half would be used.) The second
measure makes sure that additional data from 'state' is never
mixed into 'md_local' in small portions; this heuristically
further strengthens the PRNG.
[Bodo Moeller]
*) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
when fixing the server behaviour for backwards-compatible 'client
hello' messages. (Note that the attack is impractical against
SSL 3.0 and TLS 1.0 anyway because length and version checking
means that the probability of guessing a valid ciphertext is
around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
paper.)
Before 0.9.5, the countermeasure (hide the error by generating a
random 'decryption result') did not work properly because
ERR_clear_error() was missing, meaning that SSL_get_error() would
detect the supposedly ignored error.
Both problems are now fixed.
[Bodo Moeller]
Changes between 0.9.6 and 0.9.6a [5 Apr 2001]
===> This is our ABI change.
*) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes
with des_encrypt() defined on some operating systems, like Solaris
and UnixWare.
[Richard Levitte]
*) Don't use getenv in library functions when run as setuid/setgid.
New function OPENSSL_issetugid().
[Ulf Moeller]
*) Store verify_result within SSL_SESSION also for client side to
avoid potential security hole. (Re-used sessions on the client side
always resulted in verify_result==X509_V_OK, not using the original
result of the server certificate verification.)
[Lutz Jaenicke]
===> package doesn't doesn't do this. We'll bump major versions
===> as necessary.
*) Make sure that shared libraries get the internal name engine with
the full version number and not just 0. This should mark the
shared libraries as not backward compatible. Of course, this should
be changed again when we can guarantee backward binary compatibility.
[Richard Levitte]
*) Rework the system to generate shared libraries:
- Make note of the expected extension for the shared libraries and
if there is a need for symbolic links from for example libcrypto.so.0
to libcrypto.so.0.9.7. There is extended info in Configure for
that.
- Make as few rebuilds of the shared libraries as possible.
- Still avoid linking the OpenSSL programs with the shared libraries.
- When installing, install the shared libraries separately from the
static ones.
|
|
ok'd by MAINTAINER mjl
|
|
|
|
New features:
* The built-in Help system was revamped, a hyperlink mechanism was
added for following cross-references
* Enhanced Exuberant ctags support
* Line numbers are available in shell commands
* Goto Line also accepts column numbers
* Automatic line-feed termination when saving is now optional
* A customizable window title
* Optional syntax based parenthesis matching (iso. purely character based)
Fixed bugs:
* Find Definition incorrectly reads the X selection when not needed
* Background popup menu could lock up X-server when used with
any of the lock keys on
* Very wide windows when starting NEdit under fvwm
* Workaround for illegal key bindings installed by other Motif
applications, causing PageUp/PageDown and arrow keys to stop
responding in NEdit. This is not an NEdit bug, it just looks like one
* Fix for PageUp/PageDown keys not responding
* Crash when running X on 2nd screen
* Line number display updating in continous wrap mode
* Performance problem with X Resources highlight patterns
* Menu fonts showing up as blocks
* Lockup's in syntax highlighting (especially Perl)
* Crash when using characters with ASCII code >= 128 in syntax
highlighting patterns
* Crash when modifying tab distance in continous wrap mode
* Crash when running NEdit in low-depth color modes
* Continous wrap mode + variable width font display bugs
* Potential scroll bar corruption in continuous wrap mode
* Workaround for selection copy/paste problems with recent versions
of gnome-terminal
* Jump to tags only referenced by line number
* Composed characters in learned sequence
* Missing titles in some dialogs
* Macro language: continue statement outside loop crash
* Rectangular overstrike paste fixes
* Hard-coded statistics line font
* Open filenames starting with a dash
* Crash when closing window of non-existing file while error dialog is up
* Bad CapsLock grab on certain keyboard configurations
* Replacements in rectangular selections could sometimes fail
* Various buffer overflow fixes
* Multiple selection dialog does not pop up on first find
* Tag not found
* Files opened with -read command line option could not be unlocked
|
|
|
|
|
|
|
|
squidGuard is a combined filter, redirector and access controller plugin
for Squid. It can be used to:
* limit the web access for some users to a list of accepted/well known web
servers and/or URLs only.
* block access to some listed or blacklisted web servers and/or URLs
for some users.
* block access to URLs matching a list of regular expressions or words
for some users.
* enforce the use of domainnames/prohibit the use of IP address in URLs.
* redirect blocked URLs to an "intelligent" CGI based info page.
* redirect unregistered user to a registration form.
* redirect popular downloads like Netscape, MSIE etc. to local copies.
* redirect banners to an empty GIF.
* have different access rules based on time of day, day of the week, date etc.
* have different rules for different user groups.
* and much more..
|
|
|
|
Apply patch from pkg/17260, which should now work after the recent
buildlink changes.
|
|
later correctly used with the @dirrm prefix to be removed, but having
a second one here cause some problems while removing the package.
|
|
pointed out by Thomas Klausner.
|
|
pointed out by Thomas Klausner.
|
|
|
|
|
|
pattern with "pkg_info -e <pattern>", we can actually match a full package
name.
|
|
for Solaris on FTP_CMD value in Makefile.inc.
Fixed in revision 1.19 of basesrc/usr.sbin/pkg_install/Makefile.inc.
|
|
|
|
explicitly, too
|
|
|
|
for a compat_svr4 setup rather than compat_sunos as its a solaris-2.6
binary. Finally, add a mirror site.
|
|
lockup in select()
Patch submitted by Christian Biere <ChristianBiere@gmx.de> in PR 17745
|
|
still 0.9.5, so no changes there). Also install manpage for frontend.
|
|
of 0.93b, however, it's not happening yet)
- bgpd: bug in capability negotiation
- ospf6d: synchronize with zebra deamon correctly
|
|
* Added protocol scan (-sO), which determines what IP protocols
(TCP, IGMP, GRE, UDP, ICMP, etc) are supported by a given host.
This uses a clever technique designed and implemented by Gerhard
Rieger .
* Nmap now recognizes more than 700 operating system versions and
network devices (printers, webcams, routers, etc) thanks to
thousands of contributions from the user community! Many
operating systems were even recognized by Nmap prior to their
official release. Nmap3 also recognizes 2148 port assignments,
451 SunRPC services, and 144 IP protocols.
* Added Idlescan (-sI), which bounces the scan off a "zombie"
machine. This can be used to bypass certain (poorly configured)
firewalls and packet filters. In addition, this is the most
stealthy Nmap scan mode, as no packets are sent to the target
from your true IP address.
* The base Nmap package now builds and functions under Windows! It
is distributed in three forms: build-it-yourself source code, a
simple command-line package, or along with a nice GUI interface
(NmapWin) and a fancy installer. This is due to the hard work of
Ryan Permeh (from eEye), Andy Lutomirski, and Jens Vogt.
* Mac OS X is now supported, as well as the latest versions of
Linux, OpenBSD, Solaris, FreeBSD, and most other UNIX platforms.
Nmap has also been ported to several handheld devices -- see the
Related Projects page for further information.
* XML output (-oX) is now available for smooth interoperability
between Nmap and other tools.
* Added ICMP Timestamp and Netmask ping types (-PP and -PM). These
(especially timestamp) can be useful against some hosts that do
not respond to normal ping (-PI) packets. Nmap still allows TCP
"ping" as well.
* Nmap can now detect the uptime of many hosts when the OS Scan
option (-O) is used.
* Several new tests have been added to make OS detection more
accurate and provide more granular version information.
* Removed 128.210.*.* addresses from Nmap man page examples due to
complaints from Purdue security staff.
* The --data_length option was added, allowing for longer probe
packets. Among other uses, this defeats certain simplistic IDS
signatures.
* You can now specify distinct port UDP and TCP port numbers in a
single scan command using a command like 'nmap -sSU -p
U:53,111,137,T:21-25,80,139,515,6000,8080 target.com'. See the
man page for more usage info.
* Added mysterious, undocumented --scanflags and --fuzzy options.
* Nmap now provides IPID as well as TCP ISN sequence
predictability reports if you use -v and -O.
* SYN scan is now the default scan type for privileged (root)
users. This is usually offers greater performance while reducing
network traffic.
* Capitalized all references to God in error messages.
* Added List scan (-sL) which enumerates targets without scanning
them.
* The Nmap "random IP" scanning mode is now smart enough to skip
many unallocated netblocks.
* Tons of more minor features, bugfixes, and portability enhancements.
|
|
|
|
|
|
|
|
The goal of the Subversion project is to build a version control system that
is a compelling replacement for CVS in the open source community. The software
is released under an Apache/BSD-style open source license.
Submitted by Joel Wilsson <joelw@unix.se> in PR 17813.
|
|
|
|
portability layer
The Apache Portable Run-time mission is to provide a library of
routines that allows programmers to write a program once and be
able to compile it anywhere.
Submitted by Joel Wilsson <joelw@unix.se> in PR 17811.
|
