| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Suggested by Roland Illig, ok'd by various.
|
|
int arg cause compile to fail because -Werror is specified in compile flags.
Fix was to add appropriate cast in several places.
|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
|
|
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
|
|
Buildlink files: RECOMMENDED version changed to current version.
|
|
not include <openssl/rsa.h> from <openssl/x509.h>. Fixes PR pkg/23901.
While here, apply the patches to properly buildlinkify it for openssl,
which I forgot to pass to agc@ for the last update.
|
|
|
|
correctly in the stock distribution.
|
|
No changelog available, but many bugs fixed, and these sources will
compile with gcc-3.3.1 (well, after I tweaked them). With thanks to
Christoph Badura for most of this work, I merely did the gcc-3.3.1
patching.
|
|
|
|
|
|
using RCD_SCRIPTS to handle generation and installation of the rc.d script.
Convert the rc.d script to the rc.subr framework too.
Bump PKGREVISION to 1.
|
|
|
|
|
|
|
|
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES". This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile. Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
|
|
|
|
* bug fixes
|
|
|
|
* OpenBSD 3.1 SA 010: Receiving IKE payloads out of sequence can cause
isakmpd(8) to crash.
* A rewrite of the CRL support code, also from <Thomas.Walpuski@gmx.net>.
Some style mods, and checks added for OpenSSL version 0.9.7 or later.
Currently CRLs are not supported for earlier versions.
Manual pages updated.
* Handle configuration lines that end in whitespace or ^M.
Also avoid a potential memory leak.
* Start for support of IKECFG in SET/ACK mode. Server side only so far.
* Fix keyed HMAC where the key was longer than the blocksize
|
|
|
|
|
|
- Change DH group handling in the pre-generated parts of the
configuration. Add a -GRP{1,2,5} component to transform and suite
names to directly specify which group to use. If no group is
specified, use DH group 2 (MODP_1024). Earlier transforms and suites
using the MD5 hash defaulted to DH group 1, this is no longer true.
- Unbreak MD5 and SHA1 passphrases in policy check.
- Don't message_dump_raw() bad length messages, i.e too short.
- Fix a couple of snprintf length bugs.
- Compile without warnings for older/newer OpenSSL.
|
|
Changes:
* bug fixes
|
|
- str[n]{cpy,cat} -> strl{cpy,cat}, sprintf -> snprintf
- strftime format fixes
- Don't hang waiting for select() with SIGTERM + no active SA
- Add UI option 'R' to trigger isakmpd reinit (same as SIGHUP)
...
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/isakmpd/
|
|
|
|
Exact list of changes is unknown (you might take a look at OpenBSD's
log entries at http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/isakmpd/)
|
|
key changes since 20010403:
- be more picky about isakmpd.policy permission
- debug: dump decoded IKE packets in pcap(3) format
- cert improvements
- RFC2367 compliance
- bug fixes: correct SA refcnt, memory alloc and doc fixes
|
|
|
|
|
|
+ move the patch digest/checksum values from files/patch-sum to distinfo
|
|
|
|
openbsd sbin/isakmpd/x509.c 1.46 -> 1.47
|
|
(isakmpd-20010403.tar.gz is placed into ftp.netbsd.org LOCAL_PORTS directory).
major changes from source-changes@openbsd mailing list:
use the hash algorithm found in original certificate for the signature
after it has been patched. from angelos@
For the GETSPI PFKEY message, use the sequence number from the ACQUIRE
message.
Make DES a feature, so isakmpd can compile on Linux (most of the fixed
by newsham@lava.net)
x509 verified to work on NetBSD now
|
|
|
|
|
|
|
|
|
|
too many changes to mention, so pls look at http://www.openbsd.org/plus.html
|
|
|
|
|
|
|
|
BROKEN variable. Unfortunately, no ChangeLog is available.
Patch system dependent make goo to use 'SSLBASE', mirroring it's use in
bsd.pkg.mk, rather than obsolete 'PATENTEDOPENSSLSRC'. Also, replace hard-
coded "/usr/pkg", replacing it with ${LOCALBASE}. Finally, set 'LOCALBASE'
and 'SSLBASE' conditionally within the package, for convenience.
|
|
RESTRICTED= variables that were predicated on former U.S. export
regulations. Add CRYPTO=, as necessary, so it's still possible to
exclude all crypto packages from a build by setting MKCRYPTO=no
(but "lintpkgsrc -R" will no longer catch them).
Specifically,
- - All packages which set USE_SSL just lose their RESTRICTED
variable, since MKCRYPTO responds to USE_SSL directly.
- - realplayer7 and ns-flash keep their RESTRICTED, which is based
on license terms, but also gain the CRYPTO variable.
- - srp-client is now marked broken, since the distfile is evidently
no longer available. On this, we're no worse off than before.
[We haven't been mirroring the distfile, or testing the build!]
- - isakmpd gets CRYPTO for RESTRICTED, but remains broken.
- - crack loses all restrictions, as it does not evidently empower
a user to utilize strong encryption (working definition: ability
to encode a message that requires a secret key plus big number
arithmetic to decode).
|
|
|
|
|
|
appropriate.
|
|
more fine-grained NO_{BIN,SRC}_ON_{FTP,CDROM} definitions.
MIRROR_DISTFILES and NO_CDROM are now dead.
|
|
|
