summaryrefslogtreecommitdiff
path: root/security/spiped
AgeCommit message (Collapse)AuthorFilesLines
2019-05-28*: Remove per-package MESSAGE.{rcd,smf} handling.jperkin1-8/+1
This is now centralised in mk/pkgformat so no need to do it manually.
2016-06-08Remove the stability entity, it has no meaning outside of an official context.jperkin1-1/+0
2016-06-08Change the service_bundle name to "export" to reduce diffs between thejperkin1-1/+1
original manifest.xml file and the output from "svccfg export".
2016-03-05Bump PKGREVISION for security/openssl ABI bump.jperkin1-1/+2
2016-02-26Use OPSYSVARS.jperkin1-6/+6
2015-12-14Ensure OpenSSL libraries can be found.jperkin1-1/+2
2015-11-04Add SHA512 digests for distfiles for security categoryagc1-1/+2
Problems found locating distfiles: Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz Package libidea: missing distfile libidea-0.8.2b.tar.gz Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2 Package uvscan: missing distfile vlp4510e.tar.Z Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
2015-03-04use c99 to fix build on illumoswiedi1-1/+2
2015-02-22Update spiped to 1.5.0wiedi2-6/+6
Changelog: spiped-1.5.0 * Attempt to set the TCP_NODELAY socket option on connections, in order to avoid punishing latencies from TCP nagling.
2014-10-21Update spiped to 1.4.2wiedi2-6/+6
Changelog: spiped-1.4.2 * Fix crash on platforms which support AESNI (i386, amd64) but do not automatically provide 16-byte alignment to large memory allocations (glibc, possibly others).
2014-09-08Update spiped to 1.4.1wiedi2-7/+6
spiped-1.4.1 * Fix build on OS X, and improve strict POSIX compliance. * Improved zeroing of sensitive cryptographic data. spiped-1.4.0 * Add automatic detection of compiler support (at compile-time) and CPU support (at run-time) for x86 "AES New Instructions"; and when available, use these to improve cryptographic performance. * Add support for -g option, which makes {spiped, spipe} require perfect forward secrecy by dropping connections if the peer endpoint is detected to be running using the -f option.
2014-08-18change smf manifest to use startd/duration child, this prevents useless ↵wiedi3-5/+10
creation of pid files
2014-07-24Make sure RPATH to libcrypto is added, fixes check-shlibs-elf.jperkin1-2/+6
2014-06-17fix SMF Manifest installation by not overwriting INSTALLATION_DIRSwiedi1-2/+2
2014-06-12needs openssl as suggested by bulk buildwiedi1-1/+2
2014-05-14Use PKG_SYSCONFDIR.jperkin2-4/+5
2014-05-14Add SMF manifestwiedi4-2/+92
2014-04-21added man pages deserve a PKGREVISION bumbwiedi1-1/+2
2014-04-21Fix build on SunOS and include man pageswiedi2-3/+13
2014-04-18Import spiped-1.3.1 as security/spiped.wiz4-0/+49
spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses, so that one may connect to one address (e.g., a UNIX socket on localhost) and transparently have a connection established to another address (e.g., a UNIX socket on a different system). This is similar to 'ssh -L' functionality, but does not use SSH and requires a pre-shared symmetric key. Note that spiped: 1. Requires a strong key file: The file specified via the -k option should have at least 256 bits of entropy. ('dd if=/dev/urandom bs=32 count=1' is your friend.) 2. Does not provide any protection against information leakage via packet timing: Running telnet over spiped will protect a password from being directly read from the network, but will not obscure the typing rhythm. 3. Can significantly increase bandwidth usage for interactive sessions: It sends data in packets of 1024 bytes, and pads smaller messages up to this length, so a 1 byte write could be expanded to 1024 bytes if it cannot be coalesced with adjacent bytes. 4. Uses a symmetric key -- so anyone who can connect to an spiped "server" is also able to impersonate it.
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-10 20:46:56 +0000