| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
OS X Framework.
|
|
Release Notes - Heimdal - Version Heimdal 1.5.2
Security fixes
- CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege
- Check that key types strictly match - denial of service
Release Notes - Heimdal - Version Heimdal 1.5.1
Bug fixes
- Fix building on Solaris, requires c99
- Fix building on Windows
- Build system updates
Release Notes - Heimdal - Version Heimdal 1.5
New features
- Support GSS name extensions/attributes
- SHA512 support
- No Kerberos 4 support
- Basic support for MIT Admin protocol (SECGSS flavor)
in kadmind (extract keytab)
- Replace editline with libedit
|
|
This is primarily a bugfix release.
|
|
This is primarily a bugfix release.
* Fix an interaction in iprop that could cause spurious excess kadmind processes
when a kprop child fails.
Changes 1.8.5:
This is primarily a bugfix release.
* Fix MITKRB5-SA-2011-006 KDC denial of service vulnerabilities
[CVE-2011-1528 CVE-2011-1529 CVE-2011-4151].
|
|
Fixed incorrect documentation of how to enable CRL checking.
Fixed incorrect letter in Sebastien in Credits.
Reversed order of the Changes file to be reverse chronological.
Fixed a a compile error when building on Windows with MSVC6.
1.41
Fixed incorrect const signatures for 1.0 that were causing warnings.
Now have clean compile with 0.9.8a through 1.0.0.
1.40
Fixed incorrect argument type in call to SSL_set1_param
Fixed a number of issues with pointer sizes
Removed redundant pointer cast tests from t/
Added Perl version requirements to SSLeay.pm
1.39
Downgraded Module::Install to 0.93 since 1.01 was causing problems in
the Makefile.
1.38
- Fixed a problem with various symbols that only became available
in OpenSSL 0.9.8 such as X509_VERIFY_PARAM and X509_POLICY_NODE,
causing build failures with older versions of OpenSSL.
1.37
- Added X509_get_fingerprint, contributed by Thierry Walrant (with
minor changes die to the fact that stricmp is not avialable. Cert
types must be lowercase. Also added test to 07_sslecho.t
- Added suport for SSL_CTX_set1_param, SSL_set1_param,
selected X509_VERIFY_PARAM_* OBJ_* functions. Added new test
t/local/36_verify.t
- Fixed an uninitialized value warning in $Net::SSLeay::proxyauth
- Update so net-ssleay will compile if SSLV2 is not present.
- Fixed a problem where sslcat (and possibly other functions) expect
RSA keys and will not load DSA keys for client certificates.
- Removed SSL_CTX_v2_new and SSLv2_method() for OpenSSL 1.0 and later.
- Added CTX_use_PKCS12_file contributed by "Andrew A. Budkin".
|
|
|
|
|
|
|
|
|
|
(hi roy! hi rillig!)
2011-12-10 PuTTY 0.62 released
PuTTY 0.62 is out, containing only bug fixes from 0.61, in particular a security fix preventing passwords from being accidentally
retained in memory.
2011-11-27 PuTTY 0.62 pre-release builds available
PuTTY 0.61 had a few noticeable bugs in it (but nothing security-related), so we are planning to make a 0.62 release containing just bug
fixes. The Wishlist page lists the bugs that will be fixed by the 0.62 release. The Download page now contains pre-release snapshots of
0.62, which contain those bug fixes and should be otherwise stable. (The usual development snapshots, containing other development since
0.61, are also still available.)
2011-07-12 PuTTY 0.61 is released
PuTTY 0.61 is out, after over four years (sorry!), with new features, bug fixes, and compatibility updates for Windows 7 and various SSH
server software.
|
|
|
|
|
|
MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service
for creating and validating credentials. It is designed to be
highly scalable for use in an HPC cluster environment. It allows
a process to authenticate the UID and GID of another local or
remote process within a group of hosts having common users and
groups. These hosts form a security realm that is defined by a
shared cryptographic key. Clients within this security realm can
create and validate credentials without the use of root
privileges, reserved ports, or platform-specific methods.
|
|
Upstream changes:
Not complete, the only info mentionned in the Changelog is this:
2011-01-16 -- pycryptopp v0.5.28
re-enable the ECDSA module, but please do not rely on it as it is expected to
change in backwards-incompatible ways in future releases several changes to the
build system to make it tidier and less error-prone -- see revision control
history for details
|
|
Upstream changes:
2011-09-02 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* Release 0.13
2011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/crypto/pkey.c: Add the PKey.check method, mostly
implemented by Rick Dean, to verify the internal consistency of a
PKey instance.
2011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/crypto/crypto.c: Fix the sign and verify functions so
they handle data with embedded NULs. Fix by David Brodsky
<lp:~lihalla>.
2011-05-20 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/ssl/connection.c, OpenSSL/test/test_ssl.py: Add a new
method to the Connection type, get_peer_cert_chain, for retrieving
the peer's certificate chain.
2011-05-19 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/crypto/x509.c, OpenSSL/test/test_crypto.py: Add a new
method to the X509 type, get_signature_algorithm, for inspecting
the signature algorithm field of the certificate. Based on a
patch from <lp:~okuda>.
2011-05-10 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/crypto/crypto.h: Work around a Windows/OpenSSL 1.0 issue
explicitly including a Windows header before any OpenSSL headers.
* OpenSSL/crypto/pkcs12.c: Work around an OpenSSL 1.0 issue by
explicitly flushing errors known to be uninteresting after calling
PKCS12_parse.
* OpenSSL/ssl/context.c: Remove SSLv2 support if the underlying
OpenSSL library does not provide it.
* OpenSSL/test/test_crypto.py: Support an OpenSSL 1.0 change from
MD5 to SHA1 by allowing either hash algorithm's result as the
return value of X509.subject_name_hash.
* OpenSSL/test/test_ssl.py: Support an OpenSSL 1.0 change from MD5
to SHA1 by constructing certificate files named using both hash
algorithms' results when testing Context.load_verify_locations.
* Support OpenSSL 1.0.0a.
2011-04-15 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/ssl/ssl.c: Add OPENSSL_VERSION_NUMBER, SSLeay_version
and related constants for retrieving version information about the
underlying OpenSSL library.
|
|
the patch and replace it using the substitution facility with the pkgsrc
determined flag.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
collection.
This is a library for making SSH2 connections (client or server). Emphasis
is on using SSH2 as an alternative to SSL for making secure connections
between python scripts. All major ciphers and hash methods are supported.
SFTP client and server mode are both supported too.
|
|
Upstream changes:
2.5
===
* Added PKCS#1 encryption schemes (v1.5 and OAEP). We now have
a decent, easy-to-use non-textbook RSA implementation. Yay!
* Added PKCS#1 signature schemes (v1.5 and PSS). v1.5 required some
extensive changes to Hash modules to contain the algorithm specific
ASN.1 OID. To that end, we now always have a (thin) Python module to
hide the one in pure C.
* Added 2 standard Key Derivation Functions (PBKDF1 and PBKDF2).
* Added export/import of RSA keys in OpenSSH and PKCS#8 formats.
* Added password-protected export/import of RSA keys (one old method
for PKCS#8 PEM only).
* Added ability to generate RSA key pairs with configurable public
exponent e.
* Added ability to construct an RSA key pair even if only the private
exponent d is known, and not p and q.
* Added SHA-2 C source code (fully from Lorenz Quack).
* Unit tests for all the above.
* Updates to documentation (both inline and in Doc/pycrypt.rst)
* All of the above changes were put together by Legrandin (Thanks!)
* Minor bug fixes (setup.py and tests).
|
|
|
|
Needed on my 5.99.64/amd64 inside a pbulk (manual build outside
doesn't need it, go figure).
|
|
avoid to include own alternative one in libskey,
or it cause some troubles on programs using setusercontext() and skey,
and setusercontext() is only required for bundled skeyaudit(1).
Bump PKGREVISION.
|
|
a) tiff update to 4.0 (shlib major change)
b) glib2 update 2.30.2 (adds libffi dependency to buildlink3.mk)
Enjoy.
|
|
a) tiff update to 4.0 (shlib major change)
b) glib2 update 2.30.2 (adds libffi dependency to buildlink3.mk)
Enjoy.
|
|
a) tiff update to 4.0 (shlib major change)
b) glib2 update 2.30.2 (adds libffi dependency to buildlink3.mk)
Enjoy.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Changes:
0.21 Sat Aug 13, 2011 Mike McCauley
- Changes to TacacsPlus.pm to permit multiple servers to be specified in
new(). Patches provided by Paulo A Ferreira.
0.22 Wed Jan 18, 2012 Mike McCauley
- Fixed warning under perl 5.14
|
|
|
|
used, force it to be an empty (i.e no suffix).
|
|
|
|
* Auditor: Include the zone name in the log messages.
* ldns 1.6.12 is required for bugfixes.
* ods-ksmutil: Suppress database connection information when no -v flag is
given.
* ods-enforcerd: Stop multiple instances of the enforcer running by checking
for the pidfile at startup. If you want to run multiple instances then a
different pidfile will need to be specified with the -P flag.
* ods-ksmutil: "zone delete" renames the signconf file; so that if the zone is
put back the signer will not pick up the old file.
* Signer Engine: Verbosity can now be set via conf.xml, default is 3.
Bugfixes:
* Bugfix OPENDNSSEC-174: Configure the location for conf.xml with --config
or -c when starting the signer.
* Bugfix OPENDNSSEC-192: Signer crashed on deleting NSEC3 for a domain that
becomes opt-out.
* Bugfix OPENDNSSEC-193: Auditor crashed with certain empty non-terminals.
* Signer Engine: A file descriptor for sockets with value zero is allowed.
* Signer Engine: Only log messages about a full signing queue in debug mode.
* Signer Engine: Fix time issues, make sure that the internal serial does
not wander off after a failed audit.
* Signer Engine: Upgrade ldns to avoid future problems on 32-bit platforms
with extra long signature expiration dates. More information in separate
announcement.
|
|
* The library is now installed in $libdir/softhsm/.
Bugfixes:
* Do not give a warning about the schema version if the token
has not been initialized yet.
* The tools now return the correct exit code.
|
|
Too many changes to list. The master site has moved too:
-HOMEPAGE= http://sandbox.rulemaker.net/ngps/m2/
+HOMEPAGE= http://chandlerproject.org/bin/view/Projects/MeTooCrypto
-MASTER_SITES= http://sandbox.rulemaker.net/ngps/Dist/
+MASTER_SITES= http://pypi.python.org/packages/source/M/M2Crypto/
|
|
|
|
SektionEins GmbH
www.sektioneins.de
-= Security Advisory =-
Advisory: Suhosin PHP Extension Transparent Cookie Encryption Stack
Buffer Overflow
Release Date: 2012/01/19
Last Modified: 2012/01/19
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Application: Suhosin Extension <= 0.9.32.1
Severity: A possible stack buffer overflow in Suhosin extension's
transparent cookie encryption that can only be triggered
in an uncommon and weakened Suhosin configuration can lead
to arbitrary remote code execution, if the FORTIFY_SOURCE
compile option was not used when Suhosin was compiled.
Risk: Medium
Vendor Status: Suhosin Extension 0.9.33 was released which fixes this
vulnerability
Reference: http://www.suhosin.org/
https://github.com/stefanesser/suhosin
|
|
|
|
OpenSSL CHANGES
_______________
Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
*) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
[Antonio Martin]
|
|
|
|
|
