summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Collapse)AuthorFilesLines
2008-03-04As of revision 1.2 of termcap.buildlink3.mk, "-ltermcap" is automaticallyjlam1-4/+2
transformed into the correct set of libraries, so we no longer need to override the configure script's check for which library has tgetent().
2008-03-04Correct pathname pkgsrc/local to pkgsrc/security.shannonjr2-5/+5
2008-03-04Update to 1.3:wiz2-6/+7
Version 1.3 (released 2008-02-01) - Handle 'INTEGER { ... } (a..b)' regression. Revert parts of earlier fix. asn1Parser can now again parse src/pkix.asn1. The ASN1.c file was generated using Bison 2.3. - Move examples from src/ to new directory examples/. - Duplicate copy of divergated pkix.asn removed. - Merge unnecessary lib/defines.h into lib/int.h. - Configure no longer tries to use gcc -pipe. - Update gnulib files. - Fix mem leak in self-test. Version 1.2 (released 2007-12-10) - Update gnulib files. Version 1.1 (released 2007-08-31) - Fix bug that made asn1_check_version believe that 1.0 is older than 0.3.10. Version 1.0 (released 2007-08-31) - The self-tests, command line tools and build infrastructure have been re-licensed from GPLv2 to GPLv3. - Doc fixes. - Update gnulib files. Version 0.3.10 (released 2007-05-25) - Update gnulib files.
2008-03-04Added entries for pcsc-lite, ccid, p5-pcsc, pcsc-tools and CoolKey.shannonjr1-1/+6
2008-03-04Provides driver support for the CoolKey and Common Access Card (CAC)shannonjr7-0/+291
smart card used in a Public Key Infrastructure (PKI). The libpkcs11 module allows use of Smart Cards in applications that use mozilla Network Security Services (NSS).
2008-03-04Provides several tools that are useful when workingshannonjr5-0/+73
with smart cards: csc_scan regularly scans every PC/SC reader connected to the host and reports when a card is inserted or removed. ATR_analysis is a Perl script used to parse the smart card ATR. The smartcard_list.txt contains ATR of some cards. It is used by ATR_analysis to find a card model corresponding to the ATR. The perl script scriptortis used to send commands to a smart card using a batch file or stdin.
2008-03-04This package contains a Perl wrapper to the PC/SC smartcard libraryshannonjr4-0/+47
(pcsc-lite) from MUSCLE together with some small examples.
2008-03-04This package provides a generic USB CCID (Chip/Smart Card Interface shannonjr9-0/+220
Devices) driver and ICCD (Integrated Circuit(s) Card Devices). See the USB CCID and ICCD specifications from the USB working group.
2008-03-04The purpose of PC/SC Lite is to provide a Windows(R) SCard interface in ashannonjr12-0/+199
very small form factor for communicating to smartcards and readers. The PC/SC Lite library is used to connect to the PC/SC daemon from a client application and provide access to the desired reader.
2008-03-04Resign from maintaining a lot of packages, so everyone is free to updaterillig3-6/+6
them at will.
2008-03-03Update ocaml-ssl to 0.4.2tonio2-9/+7
Update provided by Jaap Boender in PR 38145 Release notes not available. Added a .include bsd.prefs.mk so that MACHINE_ARCH is correctly defined.
2008-03-03Update to 0.9.11. Changes:shannonjr2-6/+6
- In case a lot of message were being processed, the heartbeat timer could be delayed for a long period of time. - The old scheduler algorithm could be unfair when certain message priority were not available for processing. We now appropriatly handle repartition to others priority messages. - Message of the same priority could be processed in the wrong order when on-disk buffers were used. - No integrity check were performed on orphan on-disk buffer in case of an operating system crash. By using the prelude-failover API, we can now detect possibly corrupted disk buffer, or resume at the time we stopped recovering them. - New sched-priority and sched-buffer-size configuration options. - Fix a bug where several relaying plugin instance would only forward their message to a single Manager.
2008-03-03Update to 0.9.16.2. Changes:shannonjr3-30/+6
- Fix bindings for IDMEF 'get_next' functions. - Make sure we use no additional GnuLib compiler flags when building bindings, this fix bindings compilation failure on some architecture (Solaris).
2008-03-02Add libssh2 to category Makefile.bjs1-1/+2
2008-03-02Import libssh2-0.18, a library implementing the SSH2 protocol (available bjs5-0/+115
under the revised BSD license).
2008-03-02The "missing-from-system" headers that Heimdal installs are now placedjlam1-2/+2
into ${PREFIX}/include/krb5/roken instead of ${PREFIX}/include/krb5. This is good because it reduces the likelihood of a conflict with any other similarly named headers if you simply add -I${PREFIX}/include/krb5 to the compiler command line. Patch from PR pkg/38119 by charlie.
2008-02-29Rename termlib.* to termcap.* to better document exactly what packagesjlam1-2/+2
are trying to use (the termcap t*() API).
2008-02-28Update security/heimdal to version 1.1. Changes from version 0.7.2 include:jlam1-0/+68
* Read-only PKCS11 provider built-in to hx509. * Better compatibilty with Windows 2008 Server pre-releases and Vista. * Add RFC3526 modp group14 as default. * Handle [kdc] database = { } entries without realm = stanzas. * Add gss_pseudo_random() for mechglue and krb5. * Make session key for the krbtgt be selected by the best encryption type of the client. * Better interoperability with other PK-INIT implementations. * Alias support for inital ticket requests. * Make ASN.1 library less paranoid to with regard to NUL in string to make it inter-operate with MIT Kerberos again. * PK-INIT support. * HDB extensions support, used by PK-INIT. * New ASN.1 compiler. * GSS-API mechglue from FreeBSD. * Updated SPNEGO to support RFC4178. * Support for Cryptosystem Negotiation Extension (RFC 4537). * A new X.509 library (hx509) and related crypto functions. * A new ntlm library (heimntlm) and related crypto functions. * KDC will return the "response too big" error to force TCP retries for large (default 1400 bytes) UDP replies. This is common for PK-INIT requests. * Libkafs defaults to use 2b tokens. * krb5_kuserok() also checks ~/.k5login.d directory for acl files. * Fix memory leaks. * Bugs fixes
2008-02-28Replaced the deprecated INSTALLATION_DIRS_FROM_PLIST with AUTO_MKDIRS,rillig2-4/+4
to shut up the pkglint warnings.
2008-02-28Update security/heimdal to version 1.1. Changes from version 0.7.2 include:jlam14-388/+255
* Read-only PKCS11 provider built-in to hx509. * Better compatibilty with Windows 2008 Server pre-releases and Vista. * Add RFC3526 modp group14 as default. * Handle [kdc] database = { } entries without realm = stanzas. * Add gss_pseudo_random() for mechglue and krb5. * Make session key for the krbtgt be selected by the best encryption type of the client. * Better interoperability with other PK-INIT implementations. * Alias support for inital ticket requests. * Make ASN.1 library less paranoid to with regard to NUL in string to make it inter-operate with MIT Kerberos again. * PK-INIT support. * HDB extensions support, used by PK-INIT. * New ASN.1 compiler. * GSS-API mechglue from FreeBSD. * Updated SPNEGO to support RFC4178. * Support for Cryptosystem Negotiation Extension (RFC 4537). * A new X.509 library (hx509) and related crypto functions. * A new ntlm library (heimntlm) and related crypto functions. * KDC will return the "response too big" error to force TCP retries for large (default 1400 bytes) UDP replies. This is common for PK-INIT requests. * Libkafs defaults to use 2b tokens. * krb5_kuserok() also checks ~/.k5login.d directory for acl files. * Fix memory leaks. * Bugs fixes
2008-02-21Changes 2.1.17:adam8-29/+32
This is a bug-fix release. It improves stablility of the policy importer on 64-bit platforms, supports import of iptables policies that use TCPMSS target, fixes problems with built-in RCS on windows when user does not have administrator's rights and comes with nearly 100% Brazilian Portugese translation
2008-02-20Link shared libraries with -rpath on IRIX to prevent check-shlibs errors.tnn2-4/+13
2008-02-19Update to 2.5.3. This update is from maintainer in PR #38062.reed2-7/+6
From the amavisd-new-2.5.3 release notes: BUG FIXES - fix parsing a SMTP status response from MTA when releasing from a quarantine, when a MTA response did not include an enhanced status code (RFC 3463) (such as with old versions of Postfix); a parsing failure resulted in attribute "setreply=450 4.5.0 Unexpected:..." in an AM.PDP protocol response, even though a release was successful; reported by Ron Miller, John M. Kupski, investigated by Tony Caduto and Jeremy Fowler; - change parsing of addresses in From, To, and Cc header fields, avoiding complex Perl regular expressions which could crash a process on certain degenerate cases of these header fields; thanks for detailed problem reports to Carsten Lührs and Attila Nagy; - completely rewritten parsing of Received header field to work around a Perl regular expression problem which could crash a process on certain degenerate cases of mail header fields; problem reported by Thomas Gelf; - harden to some extent regular expressions in parse_message_id to cope better with degenerate cases of header fields carrying message-id; - sanitize 8-bit characters in In-Reply-To and References header fields before using them in Pen Pals SQL lookups to avoid UTF-8 errors like: penpals_check FAILED: sql exec: err=7, 22021, DBD::Pg::st execute failed: ERROR: invalid byte sequence for encoding "UTF8": 0xd864 - when turning an infection report into a spam report, avoid adding newly discovered virus names (i.e. fraud names) to a cached list if these names are already listed; previously the list would just grow on each passage through a cache, leading to unsightly long lists of spam tests in a report; based on a patch by Henrik Krohns; - fix diagnostics when an invalid command line argument is given; OTHER - reduce log clutter when certain Perl modules are loaded late, i.e. after chrooting and daemonizing, but still before a fork; now only issue one log entry by a parent process: "extra modules loaded after daemonizing: "; - slightly relax mail address syntax in subroutine split_address; - fetch additional information (tags) from SpamAssassin: TESTS, ASN, ASNCIDR, DKIMDOMAIN and DKIMIDENTITY, making them available through a macro 'supplementary_info' (if a version of SpamAssassin in use provides them); - updated DKIM section in amavisd-new-docs.html, removing the historical DomainKeys milter from examples; - declared a dummy subroutine dkim_key() and new dummy configuration variables @dkim_signature_options_bysender_maps, %signed_header_fields, $reputation_factor, @signer_reputation_maps and $sql_partition_tag, members of policy banks, in preparation for 2.6.0 - declared now for improved downgrade compatibility of 2.6.0 configuration files, if need arises.
2008-02-19Sort some PLIST entries.reed1-4/+4
2008-02-18Make this more cut-and-paste-friendly.jlam1-4/+4
2008-02-18Actually add that prestart function as a start_precmd. Ride previousjlam1-1/+2
PKGREVISION bump.
2008-02-18+ Add full DESTDIR support.jlam3-27/+46
+ Create any required directories with the right ownership and permissions as a "prestart" action in the authdaemond rc.d script. Bump the PKGREVISION to 1.
2008-02-18Add changes from NetBSD src that add casts to fix warnings on platformsjlam9-3/+155
where size_t is unsigned long.
2008-02-18Update security/openpam to openpam-20071221 (Hydrangea). Changes fromjlam6-30/+24
version 20050616 (Figwort) include: - ENHANCE: API function arguments are now const where appropriate, to match corresponding changes in the Solaris PAM and Linux-PAM APIs. - ENHANCE: corrected a number of C namespace violations. - ENHANCE: the module cache has been removed, allowing long-lived applications to pick up module changes. This also allows multiple threads to use PAM simultaneously (as long as they use separate PAM contexts), since the module cache was the only part of OpenPAM that was not thread-safe.
2008-02-16Allow SFS_USER and SFS_GROUP to be overridden, instead of hardcodedapb1-8/+11
to sfs:sfs. Bump PKGREVISION.
2008-02-16Deal with fourth arg to mount(2) in NetBSD. It appeared betweenapb2-1/+18
4.99.23 and 4.99.24.
2008-02-12-msfadrianp1-2/+1
2008-02-12Remove msf v2.x for a number of reasons:adrianp5-1192/+0
* v3.x is now out * Any patches to update files for where interpreters are get overwritten the next time you update the msf files from metasploit.org. This renders the PLIST useless.
2008-02-07The package supports installation to DESTDIR.heinz1-1/+2
2008-02-07Updated to version 2.24.heinz2-8/+9
Pkgsrc changes: - The package supports installation to DESTDIR. Changes since version 2.19: =========================== Revision history for Perl extension Crypt::CBC. 2.24 Fri Sep 28 11:21:07 EDT 2007 - Fixed failure to run under taint checks with Crypt::Rijndael or Crypt::OpenSSL::AES (and maybe other Crypt modules). See http://rt.cpan.org/Public/Bug/Display.html?id=29646. 2.23 Fri Apr 13 14:50:21 EDT 2007 - Added checks for other implementations of CBC which add no standard padding at all when cipher text is an even multiple of the block size. 2.22 Sun Oct 29 16:50:32 EST 2006 - Fixed bug in which plaintext encrypted with the -literal_key option could not be decrypted using a new object created with the same -literal_key. - Added documentation confirming that -literal_key must be accompanied by a -header of 'none' and a manually specificied IV. 2.21 Mon Oct 16 19:26:26 EDT 2006 - Fixed bug in which new() failed to work when first option is -literal_key. 2.20 Sat Aug 12 22:30:53 EDT 2006 - Added ability to pass a preinitialized Crypt::* block cipher object instead of the class name. - Fixed a bug when processing -literal_key.
2008-02-07The package supports installation to DESTDIR.heinz3-7/+13
A C compiler is necessary.
2008-02-07Needs GNU nroff to format catpages with -mandoc.tnn1-1/+2
2008-02-06Fix build on HPUX:tnn1-1/+3
in HP's alternate universe, MAP_ANON is called MAP_ANONYMOUS.
2008-02-05Update p5-IO-Socket-SSL to 1.13.obache2-6/+6
v1.13 - removed CLONE_SKIP which was added in 1.03 because this breaks windows forking. Handled threads/windows forking better by making sure that CTX from Net::SSLeay gets not freed multiple times from different threads after cloning/forking - removed setting LocalPort to 0 in tests, instead leave it undef if a random port should be allocated. This should fix build problems with 5.6.1. Thanks to <andrew[DOT]benham[AT]thus[DOT]net>
2008-01-31Increase the BUILDLINK_API_DEPENDS.gnutls to at least gnutls>=1.2.6reed1-2/+2
which is still very old. This fixes problem where building something depending on gnutls when old gnutls is already installed using liblzo won't buildlink because lzo is not installed. This forces a newer gnutls to be installed that uses lzo instead.
2008-01-29Need to allow leading underscore of OPENPAM_VERSION for old(?) version.obache1-2/+2
2008-01-28Changes 2.1.16:adam7-19/+22
Unfortunate bug introduced in 2.1.15 that broke generated firewall script for iptables in case option "use iptables-restore" was on is fixed in this release. Additional checks were added to the generated script for iptables to improve error detection and make sure the GUI properly detects when it terminates with error. Support for load balancing with PF was also added.
2008-01-28Remove leading underscore from OPENPAM_VERSION for BUILTIN_VERSION.openpam,bjs1-2/+2
as openpam "Hydrangea" now defines OPENPAM_VERSION. This caused the version inquiry to fail.
2008-01-28pkglint says:rillig2-3/+3
ERROR: security/dsniff/Makefile.common:4: PKGREVISION must not be set outside the package Makefile.
2008-01-25Updated to version 1.05.heinz2-7/+10
Pkgsrc changes: - Added missing HOMEPAGE. - The package supports installation to DESTDIR. - A C compiler is necessary. Changes since version 0.05: =========================== 1.05 - Fri Nov 9 05:39:09 2007 * This version fixes the signed integer problems that Solaris had. * Now this module require perl 5.6. * You don't need to upgrade if your system isn't Solaris. 1.04 - Mon Oct 15 14:27:00 2007 * Quashed warnings about overflows by casting numbers to unsigned ints. * This compiles warning-free and passes all tests on Solaris 10 with gcc 3.4.6, so it might take care of RT # 27632 1.04_02 - Wed Sep 19 19:24:06 2007 * remove test files that shouldn't be there 1.04_01 - Wed Sep 12 15:34:24 2007 * This developer release explores the Solaris bug noted in RT # 27632. Some Solaris installations may be encrypting or decrpyting incorrectly. 1.04 - Fri Feb 23 11:20:44 2007 * Todd Ross adjusted rijndael.h to use __sun to identify Solaris boxes. GCC uses __sun__ or __sun, but Solaris cc only uses __sun : http://blogs.sun.com/morganh/date/20060928 * If you've already compiled this module, you don't need to upgrade 1.03 - Thu Feb 22 15:42:04 2007 * Updated distro to include missing Pod tests * No code changes 1.02 - Thu Jan 25 14:48:51 2007 * Updated docs to show cipher modes. No need to upgrade if you already have this. 1.01 - Wed Jan 10 19:14:14 2007 * Bump to a release version. This is the same as 0.06_10. * This release should fix the problems with INT types on all platforms, including 64 bit platforms. 0.06_10 - Wed Jan 10 00:35:10 2007 * Let's try the int type for MinGW:wq 0.06_09 - Fri Dec 15 08:12:02 2006 * Updated header file to handle Solaris special case * I think this might be the release candidate for 0.07! :) 0.06_08 - Wed Nov 29 19:51:33 2006 * Adjusting WIN32 targets for typedefs. Some things look like both Unix and Windows, so I don't want compilers to choke if it tries to redefine types. 0.06_07 - Mon Nov 27 10:37:18 2006 * more header file fiddling to get everyone to define the right abstract types. This time check for _SYS_TYPES_H 0.06_06 - Fri Nov 17 14:56:19 2006 * Fooled with header file some more, and tested it myself on Cygwin. Instead of checking for WIN32, just check for __CYGWIN__ 0.06_05 - Fri Nov 17 11:13:25 2006 * The last two revisions seem to not define UINTxx and ends up with a parse error. Let's try this, as I go off to dig out my Windows box. 0.06_04 - Wed Nov 15 14:43:37 2006 * Try UINT patch from David Golden to get this to work on MinGW 0.06_03 - Wed Nov 15 11:07:08 2006 * Re-jiggered logic to define UINT32 and UINT8. First I'll try sys/types.h, then check if they are already defined elsewhere, and lastly hardcode the typedefs based on platform. The previous release (0.06_02) had some problems on Windows from conflicting typedefs (similar to the cygwin problems with libjpeg and X), so I guard my typedefs by checking for previous definitions. Let's hope those previous definitions are right :) 0.06_02 - Sun Nov 12 16:23:07 2006 * Let's try some hardcoded types for UINT(32|8) for Windows. 0.06_01 - Sun Nov 12 10:38:56 2006 * Adjust version number to match distro number (RT #4227) * Use <sys/types.h> instead of hard-coding (RT #22755, 9514, 18812, 1444, 503). * This module is now maintained by brian d foy (bdfoy@cpan.org)
2008-01-24Update dependency, it builds with openssl-0.9.8tnn1-2/+2
2008-01-24Append {,nb*} to a dependency.tnn1-2/+2
2008-01-23Also used by security/cy2-ldapdb/Makefile.obache1-1/+2
2008-01-22Distribution file was changed after sudo 1.6.9p12 was released. :-(taca2-5/+7
config.h.in configure configure.in ldap.c Add DIST_SUBDIR to handle this situation. Bump PKG_REVISION.
2008-01-22Fixed pattern to strip nb*.obache1-2/+2
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-03 17:04:42 +0000