Age | Commit message (Collapse) | Author | Files | Lines |
|
security update for mit-krb5
Revisions pulled up:
- pkgsrc/security/mit-krb5/Makefile 1.17-1.18, 1.20
- pkgsrc/security/mit-krb5/PLIST 1.6-1.8
- pkgsrc/security/mit-krb5/buildlink3.mk 1.4
- pkgsrc/security/mit-krb5/distinfo 1.9-1.10
- pkgsrc/security/mit-krb5/files/kadmind.sh 1.2
- pkgsrc/security/mit-krb5/files/kdc.sh 1.2
- pkgsrc/security/mit-krb5/patches/patch-aa 1.2
- pkgsrc/security/mit-krb5/patches/patch-ab 1.2
- pkgsrc/security/mit-krb5/patches/patch-ac 1.2
- pkgsrc/security/mit-krb5/patches/patch-ad 1.2
- pkgsrc/security/mit-krb5/patches/patch-ae 1.2
- pkgsrc/security/mit-krb5/patches/patch-af 1.3
- pkgsrc/security/mit-krb5/patches/patch-ag 1.3
- pkgsrc/security/mit-krb5/patches/patch-ai removed
- pkgsrc/security/mit-krb5/patches/patch-aj 1.2
- pkgsrc/security/mit-krb5/patches/patch-ak 1.1
- pkgsrc/security/mit-krb5/patches/patch-al 1.1
Module Name: pkgsrc
Committed By: jlam
Date: Sun Apr 10 07:15:25 UTC 2005
Modified Files:
pkgsrc/security/mit-krb5: Makefile PLIST distinfo
pkgsrc/security/mit-krb5/files: kadmind.sh kdc.sh
pkgsrc/security/mit-krb5/patches: patch-aa patch-ab patch-ac patch-ad
patch-ae patch-af patch-ag patch-aj
Added Files:
pkgsrc/security/mit-krb5/patches: patch-ak
Removed Files:
pkgsrc/security/mit-krb5/patches: patch-ai
Log Message:
Updated security/mit-krb5 to krb5-1.4.
Changes from version 1.3.6 include:
* Merged Athena telnetd changes for creating a new option for requiring
encryption.
* Add implementation of the RPCSEC_GSS authentication flavor to the RPC
library.
* The kadmind4 backwards-compatibility admin server and the v5passwdd
backwards-compatibility password-changing server have been removed.
* Thread safety for krb5 libraries.
* Yarrow code now uses AES.
* Merged Athena changes to allow ftpd to require encrypted passwords.
* Incorporate gss_krb5_set_allowable_enctypes() and
gss_krb5_export_lucid_sec_context(), which are needed for NFSv4.
* Fix heap buffer overflow in password history mechanism.
[MITKRB5-SA-2004-004]
---
Module Name: pkgsrc
Committed By: jlam
Date: Sun Apr 10 07:45:31 UTC 2005
Modified Files:
pkgsrc/security/mit-krb5: PLIST
Log Message:
Remove the examples directory on deinstallation.
---
Module Name: pkgsrc
Committed By: jlam
Date: Sun Apr 10 07:46:51 UTC 2005
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
pkgsrc/security/mit-krb5/patches: patch-al
Log Message:
Patch from http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt
which fixes MITKRB5-SA-2005-001 (CAN-2005-0468 & CAN-2005-0469) relating
to buffer overflows in the telnet client. Bump PKGREVISION to 1.
---
Module Name: pkgsrc
Committed By: jlam
Date: Mon Apr 11 22:44:54 UTC 2005
Modified Files:
pkgsrc/security/mit-krb5: PLIST
Log Message:
The FTP daemon is always named "kftpd" regardless of whether prefix-cmds
is a PKG_OPTION.
---
Module Name: pkgsrc
Committed By: jlam
Date: Thu Apr 14 23:07:55 UTC 2005
Modified Files:
pkgsrc/security/mit-krb5: Makefile
Log Message:
Remove unused section... MIT krb5 apparently now detects NetBSD's utmpx
implementation correctly on NetBSD>=2.0.
---
Module Name: pkgsrc
Committed By: salo
Date: Sat Apr 16 14:32:53 UTC 2005
Modified Files:
pkgsrc/security/mit-krb5: buildlink3.mk
Log Message:
Bump BUILDLINK_RECOMMENDED for latest security fix. (hi jlam!)
|
|
security fix for lsh
Revisions pulled up:
- pkgsrc/security/lsh/Makefile 1.8
- pkgsrc/security/lsh/distinfo 1.4
- pkgsrc/security/lsh/patches/patch-ac 1.1
Module Name: pkgsrc
Committed By: drochner
Date: Sat Apr 30 12:23:42 UTC 2005
Modified Files:
pkgsrc/security/lsh: Makefile PLIST distinfo
Added Files:
pkgsrc/security/lsh/patches: patch-ac
pkgsrc/security/lsh2: DESCR Makefile PLIST distinfo
pkgsrc/security/lsh2/patches: patch-aa patch-ab
Log Message:
Move the freshly update lsh-2.0.1 into a separate pkg and leave
security/lsh at 1.4.3.
lsh-2.0.1 has interoperability problems with openssh servers
(always gets "Invalid server signature" errors).
lsh-1.4.3 is not affected by CAN-2003-0826. Add a patch to address
CAN-2005-0814 and bump PKGREVISION.
|
|
security update for ipsec-tools
Revisions pulled up:
- pkgsrc/security/ipsec-tools/Makefile 1.13
- pkgsrc/security/ipsec-tools/distinfo 1.7
- pkgsrc/security/ipsec-tools/PLIST 1.3
Module Name: pkgsrc
Committed By: manu
Date: Wed Mar 23 16:49:39 UTC 2005
Modified Files:
pkgsrc/security/ipsec-tools: Makefile distinfo
Log Message:
Upgrade to ipsec-tools 0.6b1.
New features:
- PAM support
- privilege separation
---
Module Name: pkgsrc
Committed By: manu
Date: Wed Mar 23 17:27:17 UTC 2005
Modified Files:
pkgsrc/security/ipsec-tools: PLIST
Log Message:
Missing installed files inPLIST
|
|
security update for gnutls
Revisions pulled up:
- pkgsrc/security/gnutls/Makefile 1.26, 1.28
- pkgsrc/security/gnutls/PLIST 1.13-1.14
- pkgsrc/security/gnutls/buildlink3.mk 1.8
- pkgsrc/security/gnutls/distinfo 1.15-1.16
- pkgsrc/security/gnutls/patches/patch-aa removed
Module Name: pkgsrc
Committed By: wiz
Date: Fri Apr 8 15:50:41 UTC 2005
Modified Files:
pkgsrc/security/gnutls: Makefile PLIST distinfo
Removed Files:
pkgsrc/security/gnutls/patches: patch-aa
Log Message:
Update to 1.2.1:
* Version 1.2.1 (2005-04-04)
- gnutls_bye() will no longer fail when RDWR is used and application
data are available for reading.
- Added more strict checks for the SRP parameters (g,n), when they
are not in the included list.
- Added warning to certtool when MD5 is being used for digital
signatures.
- Optimizations ("-O2 -finline-functions") are not enabled by default,
instead the standard autoconf defaults are used. Use `./configure
CFLAGS="-O2 -finline-functions"' to get the old optimizations.
- Added the option --get-dh-params to certtool, in order to get the
included in the library primes and generators.
- Improved the semantics of GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, to
allow only trusted Version 1 CAs and introduced
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has the old semantics.
- Nettle self tests now build properly, reported by Pierre
- Eliminated some memory leaks in DHE and RSA-EXPORT cipher suites.
Reported by Yoann Vandoorselaere
- Added the functions:
gnutls_x509_crt_list_import(),
gnutls_x509_crq_get_attribute_by_oid(),
gnutls_x509_crq_set_attribute_by_oid() and
gnutls_x509_crt_set_extension_by_oid().
- If the library has been compiled with features disabled, a warning is
issued during the compilation of any program.
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon May 2 12:59:24 UTC 2005
Modified Files:
pkgsrc/security/gnutls: Makefile PLIST distinfo
Log Message:
Update to 1.2.3:
* Version 1.2.3
- Corrected bug in record packet parsing that could lead
to a denial of service attack.
- Corrected bug in RSA key export. Previously exported keys
can be fixed using certtool. Use certtool -k <infile >outfile
- API and ABI modifications:
gnutls_x509_privkey_fix(): Add.
* Version 1.2.2 (2005-04-25)
- gnutls_error_to_alert() now considers
GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET.
- Fixed error in session resuming that could cause a crash in
a session.
- Fixed pkcs12 friendly name and local key identifier decoding.
- Internal cleanups, removed duplicate typedef/struct definitions,
and made source code include external include file, to check
function prototypes during compile time.
- API and ABI modifications:
No changes since last version. At least not intentional, but due
to the include header changes, there may be inadvertant changes,
please let us know if you find any.
---
Module Name: pkgsrc
Committed By: salo
Date: Mon May 2 19:48:37 UTC 2005
Modified Files:
pkgsrc/security/gnutls: buildlink3.mk
Log Message:
Bump BUILDLINK_RECOMMENDED after latest security update. (hi wiz!)
|
|
security fix for heimdal
Revisions pulled up:
- pkgsrc/security/heimdal/Makefile 1.34-1.35
- pkgsrc/security/heimdal/PLIST 1.7
- pkgsrc/security/heimdal/distinfo 1.11
- pkgsrc/security/heimdal/patches/patch-ae removed
Module Name: pkgsrc
Committed By: wiz
Date: Thu Apr 21 14:00:36 UTC 2005
Modified Files:
pkgsrc/security/heimdal: Makefile
Log Message:
lha agreed to maintain this package.
---
Module Name: pkgsrc
Committed By: lha
Date: Thu Apr 21 14:35:47 UTC 2005
Modified Files:
pkgsrc/security/heimdal: Makefile PLIST distinfo
Removed Files:
pkgsrc/security/heimdal/patches: patch-ae
Log Message:
Update to Heimdal 0.6.4. While I'm here, claim maintainership of this
package. Also please pkglint. Changes in heimdal 0.6.4 include:
* fix vulnerabilities in telnet
* rshd: encryption without a separate error socket should now work
* telnet now uses appdefaults for the encrypt and forward/forwardable
settings
* bug fixes
|
|
portability fix for gnutls
Revisions pulled up:
- pkgsrc/security/gnutls/distinfo 1.14
- pkgsrc/security/gnutls/patches/patch-ab 1.1
Module Name: pkgsrc
Committed By: minskim
Date: Sun Apr 3 04:50:21 UTC 2005
Modified Files:
pkgsrc/security/gnutls: distinfo
Added Files:
pkgsrc/security/gnutls/patches: patch-ab
Log Message:
Avoid calling makeinfo because the distfile contains pre-built .info
files. This makes the package build on platforms without makeinfo.
Patch provided by Darrin B. Jewell in PR pkg/29869.
|
|
security fix for putty
Revisions pulled up:
- pkgsrc/security/putty/Makefile 1.2
- pkgsrc/security/putty/distinfo 1.3
Module Name: pkgsrc
Committed By: wiz
Date: Tue Mar 29 14:40:09 UTC 2005
Modified Files:
pkgsrc/security/putty: Makefile distinfo
Log Message:
Update to 0.57:
PuTTY 0.57, released today, fixes two security holes which can
allow a malicious SFTP server to execute code of its choice on a
PSCP or PSFTP client connecting to it. We recommend everybody
upgrade to 0.57 as soon as possible.
|
|
security fix for gnupg
Revisions pulled up:
- pkgsrc/security/gnupg/Makefile 1.74
- pkgsrc/security/gnupg/PLIST 1.15
- pkgsrc/security/gnupg/distinfo 1.34
- pkgsrc/security/gnupg/options.mk 1.2
Module Name: pkgsrc
Committed By: wiz
Date: Tue Mar 22 17:50:55 UTC 2005
Modified Files:
pkgsrc/security/gnupg: Makefile PLIST distinfo options.mk
Log Message:
Update to 1.4.1:
Noteworthy changes in version 1.4.1 (2005-03-15)
------------------------------------------------
* New --rfc2440-text option which controls how text is handled in
signatures. This is in response to some problems seen with
certain PGP/MIME mail clients and GnuPG version 1.4.0. More
details about this are available at
<http://lists.gnupg.org/pipermail/gnupg-users/2005-January/024408.html>.
* New "import-unusable-sigs" and "export-unusable-sigs" tags for
--import-options and --export-options. These are off by
default, and cause GnuPG to not import or export key signatures
that are not usable (e.g. expired signatures).
* New experimental HTTP, HTTPS, FTP, and FTPS keyserver helper
that uses the cURL library <http://curl.haxx.se> to retrieve
keys. This is disabled by default, but may be enabled with the
configure option --with-libcurl. Without this option, the
existing HTTP code is used for HTTP, and HTTPS, FTP, and FTPS
are not supported.
[enabled with the "curl" option for the package]
* When running a --card-status or --card-edit and a public key is
available, missing secret key stubs will be created on the fly.
Details of the key are listed too.
* The implicit packet dumping in double verbose mode is now sent
to stderr and not to stdout.
* Added countermeasures against the Mister/Zuccherato CFB attack
<http://eprint.iacr.org/2005/033>.
* Add new --edit-key command "bkuptocard" to allow restoring a
card key from a backup.
* The "fetch" command of --card-edit now retrieves the key using
the default keyserver if no URL has been stored on the card.
* New configure option --enable-noexecstack.
Also, gpgkeys_mailto is not installed any longer, dropping the
dependency on perl.
|
|
cfs over coda. From Greg Troxel in PR 28479. PKGREVISION++
|
|
provided by libdnet. This was broken during the last update of libdnet to
0.10, as the previous versions did not include the tun stuff.
|
|
|
|
Version 4.5.4 is a bugfix release.
Fixed a string error in the updater.
Fixed a race condition in f-protd where f-protd would report
'Bad file number' on accept() under high loads.
Fixed a crash issue with malformed word macros.
Fixed a memory corruption in the x86 emulation code.
Modified check-updates.pl to automatically detect f-prot version number.
|
|
lukem in PR pkg/29704. Reviewed by recht.
|
|
5.2 - merged in changes for 5.01 - 5.0.4
- added support for using encoding parameters and key derivation parameters
with public key encryption (implemented by OAEP and DL/ECIES)
- added Camellia, SHACAL-2, Two-Track-MAC, Whirlpool, RIPEMD-320,
RIPEMD-128, RIPEMD-256, Base-32 coding
- added ThreadUserTimer for timing thread CPU usage
- added option for password-based key derivation functions
to iterate until a mimimum elapsed thread CPU time is reached
- added option (on by default) for DEFLATE compression to detect
uncompressible files and process them more quickly
- improved compatibility and performance on 64-bit platforms,
including Alpha, IA-64, x86-64, PPC64, Sparc64, and MIPS64
- fixed ONE_AND_ZEROS_PADDING to use 0x80 instead 0x01 as padding.
- fixed encoding/decoding of PKCS #8 privateKeyInfo to properly
handle optional attributes
5.2.1 - fixed bug in the "dlltest" DLL testing program
- fixed compiling with STLport using VC .NET
- fixed compiling with -fPIC using GCC
- fixed compiling with -msse2 on systems without memalign()
- fixed inability to instantiate PanamaMAC
- fixed problems with inline documentation
|
|
support is built into courier-authlib -- -lintl is only needed by the
authpgsql authentication module. This avoids problems when linking
clients with -lcourierauth and the linker thinks -lintl is needed when
it really doesn't. Bump the PKGREVISION to 3.
|
|
|
|
it is needed by ruby16 package.
Now this package includes some fixes for IRIX, too.
|
|
|
|
Approved by wiz.
|
|
|
|
Install the source and let man(1) do it.
(Since this code is actually all commented out, no PKGREVISION bump.)
|
|
|
|
|
|
and what the likely, but opaque, error message is in that case.
|
|
*before* a BSD-with-advertising license was added to their diffs, and other
work done personally by me.
sshd now works. Most permissions checks work properly. Privsep is off by
default, and the sshd user is not created, on Interix until some problems
with privsep are fixed (perhaps by abstracting the auth functionality out
to openpam).
|
|
in the PLIST.
|
|
|
|
|
|
|
|
ruby-openssl with bump PKGREVISION.
|
|
|
|
Class::MethodMaker v1 compatibility interface in Class::MakeMethods.
Bump PKGREVISION.
|
|
Fixes from Christoph Badura, who tested on gnupg-1.2.
This new version works with gnupg-1.4.0 as well as older versions of gpg,
and uses the --list-sigs argument as well as the --with-colons arguments
to gpg.
|
|
|
|
the wrong value. Fix it so that the default is now correctly set to be
/var/authdaemond/socket. Bump the PKGREVISION to 1.
|
|
package builds and works correctly. This approach was taken prior to
this change. The is a problem because pth installs pthread.h in
${LOCALBASE}/include. This causes problems for things like Ada tasking
that depend on native pthreads when also linking against libraries in
pkgsrc (eg., gmp).
This change solve the problem by building a static pth library locally
and linking against it.
|
|
|
|
> $Id: CHANGES,v 1.25 2005/02/20 16:02:21 sm Exp $
> version 0.6.8 (beta) - Sun Feb 20 2004
> * added detection for openssl 0.9.8
> * removed crlDistributionPoint for Root-CA
> * added patch for multiple OUs
> Thanks to Uwe Arndt <arndt@uni-koblenz.de>
> * added patch for multiple subjectAltName extensions
> Thanks to Peter Marschall <peter@adpm.de>
|
|
* Fixed bug which caused hostnames containing hyphens to fail with an error.
* Improved mapping of ID numbers to names in decode. This allows sparse IDs
ranges (e.g. 1,2,3,65000) to be supported, which means that we can now decode
XAUTH authentication method amongst other things.
* Added SO_BROADCAST option to UDP socket to allow sending to broadcast
addresses. Previously this gave a permission denied error.
|
|
* Version 0.2.5 (released 2005-02-08)
** Added self test of EXTERNAL mechanism.
** Vietnamese translation added, thanks to Clytie Siddall.
* Version 0.2.4 (released 2005-01-01)
** The CRAM-MD5 mechanism is now preferred over DIGEST-MD5.
This decision was based on recent public research that suggest MD5 is
broken, while HMAC-MD5 not immediately compromised, and the lack of
public analysis on what consequences the MD5 break have for
DIGEST-MD5. Support for CRAM-SHA1 is under investigation, to enable
users to avoid MD5 completely
** Fixed a bug that prevented SMTP client from working.
** New configure option --disable-obsolete to remove backwards compatibility.
This is mostly intended to be used when compiling for platforms with
constrained memory/space resources.
** DIGEST-MD5 rewritten and enabled by default (see lib/NEWS for details).
** Command line tool now query for realm, hostname and service name properly.
** Documentation updates and improvements.
** Self test improvements.
** Update of gnulib files.
|
|
Reviewed by wiz@
|
|
relevant ones depending on the options chosen. This fixes PR pkg/29465.
Bump the PKGREVISION to 2.
|
|
* Support for slaving lifecycle to a file descriptor
* Translation updates
|
|
The main change is support for printing policies and NAT rules for
firewall objects. Also improvments in the iptables compiler and lots
of bug fixes, to numerous to mentions. See the release notes at:
http://www.fwbuilder.org/archives/cat_release_notes.html#000185
|
|
|
|
to UTC. Fixes PR 29530.
|
|
|
|
|
|
Firewall Builder is a multi-platform firewall configuration and
management tool. It consists of a GUI and a set of policy compilers for
various firewall platforms. Firewall Builder uses an object-oriented
approach, it helps administrators maintain a database of network
objects and allows policy editing using simple drag-and-drop
operations. Firewall Builder currently supports
iptables,
IP Filter,
ipfw,
OpenBSD PF, and
Cisco PIX
fwbuilder provides the GUI frontend and the policy compilers.
|
|
useful.
Firewall Builder is a multi-platform firewall configuration and
management tool. It consists of a GUI and a set of policy compilers for
various firewall platforms. Firewall Builder uses an object-oriented
approach, it helps administrators maintain a database of network
objects and allows policy editing using simple drag-and-drop
operations. Firewall Builder currently supports
iptables,
IP Filter,
ipfw,
OpenBSD PF, and
Cisco PIX
libfwbuilder provides the back-end functionality in a library.
|