summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Collapse)AuthorFilesLines
2005-09-08Catch some NetBSD statvfs() checks phrased alternatively as > 200030000abs2-4/+4
rather than >= 200040000 and one enterprisingly hidden as > 200050000
2005-09-08Define USE_GETLOGIN for preprocessor instead so it later just DTRT.salo1-3/+2
Should fix PR pkg/30965 (the same issue was uncovered while working on a pullup ticket #738)
2005-09-06- Move plugins to libdata - suggestion from salo@ in private emailadrianp4-41/+45
- Bump to nb2
2005-09-06Revision bump after changing security/gnutls/buildlink3.mkadam1-9/+9
2005-09-05amavisd-new has stricter version requirements now (PR#31050 should havecube1-3/+4
been used for the update). Bump PKGREVISION... [hi marc!]
2005-09-05buildlink3.mk matches Makefile nowadam2-6/+5
2005-09-04update to amavisd-new 2.3.3recht2-6/+6
patch provided by eggert at macvaerk dot dtu dot dk in PR 31127 changes: Version 2.3.3 is a maintenance release over 2.3.2. Besides fixing known problems and providing some optimizations, no new features were added. If using SpamAssassin older than 3.1, an upgrade of either SA to 3.1, or an upgrade of amavisd-new to 2.3.3 is recommended. - privacy: add a safety fuse / workaround around calls to SA to detect SA's failure (in SA versions before 3.1) to catch a failed exec() in a forked process, which could produce runaway process clones. See SA bug report #4370. An incident of a mail copy being delivered to unrelated recipient reported by Joel Nimety; - privacy: turn warning into a fatal error when a quarantine ID of a message requested for a quarantine release does not match the requested mail_id; - security: require minimal version 1.35 of Compress::Zlib to avoid vulnerability in the zlib compression library; - the dsn_cutoff_level should have been ignored if undefined according to documentation, but was not, causing DSN to be suppressed regardless of spam level; discovered by Gary V; - ensure the banned check is not performed if all recipients agree it is not needed, even in presence of $banned_namepath_re; undesired behaviour (not strictly incorrect) reported by Joel Nimety; - missing import of lookup_ip_acl in module Amavis::In::AMCL caused failure in sendmail milter setup when using the new AM.PDP protocol; reported by Mic And; - document and explicitly define handling of syntactically invalid IP address in lookup_ip_acl: it matches a zero-length-mask net, a constant lookup table, or a hash entry with an undef key, but no other entries in IP lookup tables; syntactically invalid IP addresses are now logged; - fix parsing if IPv6 address in $notify_method and $forward_method in case of dynamic destination override (the use of '*' in method fields); - check during startup that $myhostname is a fully qualified domain name (or 'localhost', if you must), and abort if it isn't, otherwise a non-FQDN can end up in places where RFC 2822 does not allow it; if uname(3) does not provide a FQDN, then an assignment to $myhostname must be done explicitly in amavisd.conf; - when quarantining to a single file in mbox format the 'From ...' line needs an English date, regardless of current locale; fixed by globally setting locale LC_TIME to "C"; - pass on the parameter BODY=8BITMIME on MAIL FROM when submitting to MTA when original message reception indicated it is needed (RFC 1652). Note that mail forwarding may now fail if the feeding MTA requests BODY=8BITMIME SMTP service extension (or just passes data with msb set), but the MTA on the output side does not allow the use of the BODY parameter in SMTP. In case of Postfix this may only happen when receiving service on port 10025 is misconfigured and does not announce ESMTP capability and support for the SMTP service extension 8BITMIME; - RFC 2554 requires auth_param to be xtext-encoded addr-spec (no angle brackets) or "<>", not the xtext-encoded addr-spec enclosed in angle brackets (when specifying submitter during authentication); fixed; - apply some sanity limit on collected bad-header samples to ensure that a grossly broken mail does not unnecessarily fill up memory; - when sending recipient warnings for viruses, banned files, or bad headers, recipient address must not be rfc2822-quoted twice; fixed; - fix interpretation of $defang_all to really imply all; previously it only affected clean messages; - in quarantined mail the reported spam score in X-Spam-Status header field now includes maximum of all by-recipient score boosts (less surprising when soft-whitelisting through @score_sender_maps is in use); suggested by Mike Cappella and Gary V; - when a policy delegation protocol attribute "request" is not "AM.PDP" (perhaps it is a Postfix policy delegation request) don't attempt to find and open a mail file; - do_ascii and do_unarj: set environment variable TMPDIR or a command line temporary directory option to "$tempdir/parts" instead of $TEMPBASE to minimize possible pollution of top level directory; - don't abort even if amavisd.conf returns undef as a final value, as long as there are no errors reading or interpreting it; - if during 'amavisd stop' or 'amavisd reload' the old running daemon does not go away for one minute after sending it a SIGTERM, use a bigger hammer and send it a SIGKILL; suggested by Sven Riedel; - extend LDAP lookups to allow multiple search attributes (multiple occurrences of %m in a query); a patch by Michael Hall (and a similar one by Matthias Bandemer); - LDAP lookup on an empty envelope address (e.g. a null return path) adds another lookup key "<>", as it is difficult if not impossible to have LDAP attributes with empty string as a value; by Michael Hall; - LDAP.schema: drop "MUST ( mail )" from objectclass 'amavisAccount'; suggested by Michael Hall; - updated comments and documentation, most notably the README.chroot; - contributed file Macintosh.tar.gz updated by Dale Walsh; COMPATIBILITY - replaced 'hits=' with 'score=' in inserted X-Spam-Status header field (and in some internal log entries) for compatibility with a changed default in SpamAssassin 3.1; - insert X-Spam-Score header field for compatibility with SA (previously insertion of this header field was commented-out because the information is redundant, as the score already appears in X-Spam-Status); OPTIMIZATION - speed up sending a mail header or full defanged (rewritten) mail over SMTP back to MTA by a factor of 4 by buffering header fields into large chunks to avoid bottleneck in Net::Cmd::datasend, which has lots of overhead for line-by-line writes. Previously slow writes mostly affected mail messages with extreme header lengths (such as results of a broken mail loop), or when delivering defanged messages, particularly at sites with large MTA mail size limits, sometimes to a point of exceeding timeout limits; reported by Dominik Weber and Ralf Hildebrandt; - move subroutine lookup_ip_acl() and associated ip_to_vec() into its own dedicated new package Amavis::Lookup::IP; provide a constructor to pre-parse IP lookup tables to speed up IP lookups in lookup_ip_acl; prepare pre-parsed commonly used IP lookup tables (@mynetworks_maps, @publicnetworks_maps, @inet_acl); - optimized reading loop in SMTP DATA state, receiving data is now about 35% faster when mail size limit is not enforced (which is a default); no speedup when mail size limit _is_ enforced; - cache results of evaluated macros during a single call to expand(), as macro calls often come in pairs, like: [?%e||\[%e\] ] or [? %#T ||, Tests: [%T|,]]; together with the above optimization in pre-parsed IP lookups it shaves off 25% of time in preparing main log entry; - set locale LC_TIME to "C" globally, avoid changing and restoring locale for every log write and when generating RFC2822 timestamps; - added an optimization note in README.sql about indexes and about SELECT count(*) in MySQL with InnoDB; investigation by Paolo Cravero; --------------------------------------------------------------------------- June 29, 2005 amavisd-new-2.3.2 release notes INCOMPATIBILITY with 2.3.1 and earlier versions: If running amavisd daemon in chroot please note: Each child process now opens its own syslog connection or a file descriptor to a log file, and no longer inherits a connection from its parent. When running in chroot jail and logging to syslog, the syslog client routines need syslogd socket to be present in the chroot subtree to be able to establish a connection with syslogd, otherwise logging output may be lost. Additional syslogd sockets (to be made available in the jail) may be requested from the syslogd daemon, see its documentation. This requirement is equivalent to the requirement of chrooted Postfix services (see Postfix documentation file BASIC_CONFIGURATION_README). BUG FIXES since 2.3.1: - do not enforce $MAXFILES limit during top-level MIME decoding to avoid tempfailing mail; MIME parts are still counted, so a limit exceeded may still be reported during subsequent decoding, but this is handled more gracefully and does not cause preserved temporary directories to be left behind; reported by Marcin Lemanski; suggested by Stephane Lentz and Robert LeBlanc (noted in the 2.0 release notes); - use recv() instead of read() to get results from daemonized virus scanners in an attempt to avoid a bogus Perl I/O status on some Linux installations (reported by Sander Steffann); we now get a meaningful status codes like ECONNRESET instead of a bogus EBADF (Bad file descriptor); - ignore status ECONNRESET when reading results of a daemonized virus scanner from a socket, specific to some Linux versions; thanks to Sander Steffann for the initial report and extensive help in debugging the Perl problem; - run_av and other similar code sections: replace line-by-line reads by block-by-block reads wherever possible to avoid inappropriate status report EBADF (Bad file descriptor) caused by Perl I/O bug when last line is not terminated by a newline. The problem was affecting reading response from some command line virus checkers; reported by Sander Steffann; - ignore status EAGAIN when reading results on a pipe from a forked process; the status EAGAIN seems to be an artifact of Perl I/O on some installations; reported by several people to cause problems on FreeBSD with Perl 5.8.7 (but Perl 5.8.6 is fine); thanks to Bart Matterne for testing and feedback; - allow one level of indirection when collecting %needed_protocols; global setting $protocol='COURIER' did not work, a workaround was needed with previous version, e.g.: $policy_bank{'QMQPqq'}={protocol=>'QMQPqq'}; reported by Nicklas Bondesson and Martin Orr; - fix a bug (introduced with 2.3.0) in Courier and QMQPqq setups, where global information about processed message wasn't always reset and could leak into processing of a subsequent message; reported by Nicklas Bondesson; - SQL: fix arguments in calls to last_insert_id(), failing under PostgreSQL (MySQL didn't mind); pointed out by Henrik Krohns; - if module SAVI is loaded, insist it is version 0.30 or later; incompatibility with earlier versions reported by Andrzej Kukula; - make use of the new Net::Server 0.88 hook run_n_children_hook() to reload SAVI database; removes a need to apply SAVI patch to Net::Server; the Net::Server hook was suggested by Paul B. Henson and others, and incorporated into Net::Server 0.88 by Paul Seamons; - reopen log file or syslog connection in each child process to make it use its own file descriptor; also minimizes transients when syslogd is restarted and its socket re-created, as reported by Les Ault. When running in chroot please make sure a syslogd socket is also available in the chroot jail, see README.chroot for syslogd options (and BASIC_CONFIGURATION_README in Postfix documentation for the Postfix equivalent); - close log file or syslog in forked process before exec, just to play nicely; - do_lha: fix extracting archive member filename in case of broken archive or empty name (avoid interpreting creation date as a file name); do not increment OpsDecByLha counter for empty archives, which are most likely not lha archives at all; - obey $final_bad_header_destiny D_DISCARD or D_REJECT even for messages with bad headers from mailing lists or with a null envelope sender (DSN); previously such messages were passed; undesired behaviour reported by Cami Sardinha. Such messages are still let through with $final_bad_header_destiny set to D_BOUNCE, as otherwise they will be lost because a bounce is suppressed for null sender messages and for mail from mailing list. This behaviour is retained for backwards compatibility, but may need to be reconsidered. - fix regexp for extracting am_id from amavis-milter helper program requests; - if fork/exec fails, try to commit suicide in forked process with POSIX::_exit(1) first, before trying kill('KILL',$$) as a last resort; - updated $log_templ example in amavisd.conf-sample to match the default; pointed out by Gary V; - further reduce a couple of more frequent Perl warnings about the use of uninitialized values in expressions; - pre-load additional Perl modules required by SA 3.1 plugins; - require minimal versions of modules: Time::HiRes 1.49, Archive::Zip 1.14; - replaced nonexistent variable @sa_spam_modifies_subj_maps by @spam_modifies_subj_maps in commented-out example in amavisd.conf-sample; noticed by Joachim Schoenberg; LDAP CHANGES by Michael Hall: All the LDAP changes are transparent to the user. - rewritten some of the code similar to the restructuring of the SQL code in version amavisd-new-2.3.0. A new package Amavisd::LDAP::Connection was added which is a LDAP connection object, and the old connection-related code in Amavis::Lookup::LDAP has been moved to the new package. Amavisd-new will now try to reconnect (once) while processing a message, similar to SQL; - added the ability to specify a '%d' (domain) token in the LDAP base DN; based on idea from Alexander Wittig; - updated default LDAP port based on whether SSL/TLS is being used or not; based on idea from Timo Veith; - updated the search code to query for multiple records and return the results sorted in 'make_query_keys' order versus doing a query for each key. As a result performance is enhanced, and the tweaks 'ldap_get_all', and 'use_query_keys' (recently added) are no longer applicable or needed and have been removed; - improved LDAP error reporting and misc changes to multivalued attributes; - documentation changes (amavisd.conf-default, README.lookups); MINOR IMPROVEMENTS: - macro %c (commonly used in a log template) reports spam score no longer as a single number, but as an explicit sum of a SA score and a by-sender boost score (from @score_sender_maps) when boost score is nonzero; suggested by Ed Walker; - enhancement to amavisd-release: if its only command line argument is '-', then read arguments from stdin, one release request per line, ignoring empty lines; input lines have the same format as command line arguments, i.e.: mail_file mail_file secret_id mail_file secret_id alt_recip1 alt_recip2 ... - better handle cases where a persistent temporary file email.txt as prepared by the SMTP server module gets replaced as a result of some user program modification (e.g. when invoking altermime); problems reported by Dinesh Shah and Leonardo Rodrigues;
2005-09-03Added security/bcryptxtraeme1-1/+2
2005-09-03Initial import of bcrypt-1.1.xtraeme5-0/+59
Bcrypt is a cross platform file encryption utility. Encrypted files are portable across all supported operating systems and processors. Passphrases must be between 8 and 56 characters and are hashed internally to a 448 bit key. However, all characters supplied are significant. The stronger your passphrase, the more secure your data. In addition to encrypting your data, bcrypt will by default overwrite the original input file with random garbage three times before deleting it in order to thwart data recovery attempts by persons who may gain access to your computer.
2005-09-03Update to include security warning for:adrianp2-5/+7
http://secunia.com/advisories/16669/
2005-09-02Mark this package as only available on NetBSD 3.0 and newer andtron1-1/+3
Linux 2.6.x and newer.
2005-08-30Avoid compiling the path to the "gzip" wrapper script into the binary,tron1-4/+4
bump package revision.
2005-08-30this one doesn't look useful anymoredrochner2-14/+1
2005-08-30Changes 1.2.6:adam2-9/+9
- MiniLZO updated to version 2.01 and moved to separate directory. - Collision between system LZO header files and MiniLZO header file fixed. - Will now test for liblzo functionality in liblzo2 too. - Minilibtasn1 is now 0.2.14 (no code changes). - Some code changes to avoid GTK-DOC warnings. - API and ABI modifications: No changes since last version.
2005-08-30Changes 0.5.7:adam6-60/+15
* Various build fixes, to make version info not say 0.5.5 any more. Changes 0.5.6: * Use libtool -export-symbols-regex instead of GNU ld script. * Fix license with new FSF address. * Test for socklen_t, needed for libgcrypt on some platforms. * A few configure/build fixes. * Don't use malloc.h.
2005-08-30Changes 0.2.15adam2-6/+6
- Gnulib is used to implement memmove if your system does not have it. - Simplified assert/error handling slightly.
2005-08-30Update to 0.76. From the changelog:schmonz2-6/+6
- Fixed the autoconvert feature of cvm-vmailmgr to set the permissions and ownership of the created password table to that of the original. - Added a feature to all qmail-based modules to treat all domains as local if $CVM_QMAIL_ASSUME_LOCAL is set.
2005-08-29update to 180drochner4-22/+27
changes: -manpage added -fix for BUG#210: use start_tls on referrals if configured to do so -when handling new password policy control, only fall through to account management module if a policy error was returned (CERT VU#778916) pkgsrc change: use /etc/pam_ldap.conf as config file, to distinguish from nss_ldap
2005-08-27this needs getopt_long.grant1-1/+4
2005-08-25Correct patchsum so that distinfo does not reference missing patchesshannonjr1-5/+1
patch-ba, patch-bb, patch-bc, and patch-bd.
2005-08-24 Fixed ssh_encode_* calls to have casts to SshUInt32 or size_tkivinen10-3/+140
to get it working properly on the 64-bit platform (amd64).
2005-08-24Update to 0.75. From the changelog:schmonz3-13/+11
- Added an "autoconvert" mode to cvm-vmailmgr, which converts encrypted passwords to plain-text on successful authentication if $VMAILMGR_AUTOCONVERT is set.
2005-08-23Include sys/types.h. This fixes configure on DragonFly. Bump PKGREVISION.reed3-6/+38
Okayed by lha@. I tested on Linux and DragonFly. I got this from Joerg Sonnenberger. On DragonFly, the configure errored like: /usr/include/openssl/md5.h:110: error: syntax error before "size_t" In file included from conftest.c:34: /usr/include/openssl/sha.h:109: error: syntax error before "size_t" This caused tests to break and it ended up building and installing libdes and des.h, md4.h, and related headers. So later libgssapi needed this libdes which was not buildlinked which broke kdelibs3 build.
2005-08-23The real user name in PKG_USERS does not need to be escaped with doublerillig7-14/+14
backslashes anymore. A single backslash is enough. Changed the definition in all affected packages. For those that are not caught, an additional check is placed into bsd.pkginstall.mk.
2005-08-22check for /usr/include/skey.h on NetBSD - in case dist with MKSKEY=noabs1-2/+2
2005-08-22Update to version 2.3.1. From PR#31015 by Julian Dunn.cube4-19/+20
Here's an excerpt from the rather long RELEASE_NOTES included in the distribution: QUICK OVERVIEW: Provides more flexible configuration of decoders. Allows recipients to have individual banning rules. Assigns a long-term unique id to each message, reducing clashes and facilitating retrieval of information. The daemon can store information to a SQL database for logging, reporting and quarantine retrieval, optionally storing entire message to a SQL database. File-based quarantine can disperse files to 62 subdirectories. Provides a quarantine release mechanism. Reconnects to SQL if connection is broken. Can skip quarantining high-score spam. Compatibility with IPv6-enabled Postfix is improved. SECURITY: - require minimal version 1.05 of Convert::UUlib to avoid a known security problem in the underlying uulib (likely to be exploitable);
2005-08-21Update "ipsec-tools" package to version 0.6.1. Changes since 0.6.1rc1:tron3-22/+6
- src/racoon/dnssec.c: fix bogus test on function result - src/racoon/isakmp.c: Improved in/out SA addresses check in purge_remote() - src/libipsec/{key_debug.c|pfkey.c|pfkey_dump.c}: de-lint, warnings - src/racoon/privsep.c: Fixed a %d -> %zu in port_check()
2005-08-20The plugins directory is under ${PREFIX} and we install a plugin injlam2-4/+4
there already, so don't use OWN_DIRS -- just use @dirrm. Bump the PKGREVISION to 2.
2005-08-19Reformat first paragraph. When the package name was expanded,reed1-5/+5
the first line was too long and wrapped.
2005-08-19Merge CONF_FILES/SUPPORT_FILES and CONF_FILES_PERMS/SUPPORT_FILES_PERMSjlam4-24/+14
as the INSTALL and DEINSTALL scripts no longer distinguish between the two types of files. Drop SUPPORT_FILES{,_PERMS} and modify the packages in pkgsrc accordingly.
2005-08-18Remove hard-coded reference to $PREFIX/etc which is not accuratereed1-17/+3
and remove documentation.
2005-08-16For NetBSD's crippled OpenSSL distribution, create an <openssl/des_old.h>jlam1-2/+10
header in the buildlink directory that just pulls in /usr/include/des.h. This should allow packages that purposely include <openssl/des_old.h> on post-0.9.7 versions of OpenSSL to find it on NetBSD.
2005-08-12update to 0.7.9drochner3-8/+12
changes: * Better documentation [Adam Schreiber] * Keyring backups not world readable. [Adam Schreiber] * Nautilus context menu items cleaned up. * Better file association for armor encoded keys. * Create agent socket inside user"s home directory. * Clearer status text for key operations. * Cleaned up menus and added GNOME features like dynamic accelerator assignment (ie: using GtkUIManager). * HIG polish and UI fixes. [Jim Pharis, Flavio daCosta] * Better command line handling and aded command line help. [Adam Schreiber] * Many bug and crasher fixes. -translation updates
2005-08-12update to 1.0.3drochner2-7/+6
changes: -license changed to LGPL -changed default for "include certs" to use the backend's setting -bugfixes
2005-08-11Update security/courier-authlib to 0.57. Changes from version 0.55jlam7-115/+172
include: * authlib: create the authtest and authpasswd manual pages. * authdaemon.c (auth_generic): Silly bug in auth_generic(). * authldaplib.c (auth_ldap_do3): Fix call of authcryptpasswd(). * authpgsqllib.c (auth_pgsql_setpass): Ditto. * authmysqllib.c (auth_mysql_setpass): Ditto. * authmysqllib.c (auth_mysql_setpass): Fix a memory leak. * authpipe: more fixes to the authpipe module. * authpipe: various fixes to the authpipe module. * authpipe.c (auth_pipe_pre): Fix zombies created by the authpipe module. * New authpipe authentication module. * authldap.schema: Add mailhost to the recommended LDAP schema. * README_authlib.sgml: Document updated authpipe protocol. * cryptpassword.c (authcryptpasswd): Fix handling of encryption hints. * checkpassword.c (do_authcheckpassword): Ignore {CRYPT} prefix on crypted passwords. * checkpasswordsha1.c (authcheckpasswordsha1): Fix {SHA256} passwords. * authdaemond.c: Strip full name/gecos field after the first comma. * authdaemond: Pass LOGGEROPTS option to authdaemond. * liblog/logger.c: Fix wrong args to setuidgid(). * liblog/logger.c: Added -droproot option to courierlogger. * liblock/lockdaemon.c: Try to recover if upgraded daemon process runs under a different uid. * Changed -uid and -gid options to -user and -group for consistency with couriertcpd. Change them to affect courierlogger itself, after it has spawned any child. * Optional default domain for authentication requests. * Fix the error code when an empty password is provided.
2005-08-10Remove the abuse of buildlink that was pkg-config/buildlink3.mk. Thatjlam8-17/+16
file's sole purpose was to provide a dependency on pkg-config and set some environment variables. Instead, turn pkg-config into a "tool" in the tools framework, where the pkg-config wrapper automatically adds PKG_CONFIG_LIBDIR to the environment before invoking the real pkg-config. For all package Makefiles that included pkg-config/buildlink3.mk, remove that inclusion and replace it with USE_TOOLS+=pkg-config.
2005-08-09Remove explicit dependence on "nessus-core" package because thattron1-2/+1
dependence is inherited from the "nessus-plugins" package anyway.
2005-08-09add a "pam" pkg option and make it work with NetBSD's openpam if enableddrochner4-6/+63
2005-08-08Remove redundant PERL5_CONFIGURE settings as it defaults to "yes".jlam2-6/+2
2005-08-08whitespace removaladrianp2-16/+16
2005-08-07Fix build problem under platforms were "size_t" is not an integer.tron2-1/+17
2005-08-06Bump the PKGREVISIONs of all (638) packages that hardcode the locationsjlam47-134/+131
of Perl files to deal with the perl-5.8.7 update that moved all pkgsrc-installed Perl files into the "vendor" directories.
2005-08-05Update "ipsec-tools" package to version 0.6.1rc1.tron3-8/+22
Changes since version 0.6b2: - NAT-T fixes for situations where NAT-T is not used - OpenSSL 0.9.8 support - keys are not restricted to OpenSSL default size anymore - PKCS7 support - SHA2 support
2005-08-04Add patch-aa to make heimdal compile with gcc-4 (default with darwin 8)tonio3-2/+33
This patch is the same as revision 1.3 of /cvsroot/src/crypto/dist/heimdal/lib/asn1/gen_glue.c by matt@ those cvs log: Don't emit struct units [] anymore. emit a struct units * const foo and in the C file initialize that to the static list. Bump pkgrevision: it changes the binary package on gcc<4 platforms approved by wiz@
2005-08-04Fixed the number of backslashes in the version checking code.rillig2-5/+5
2005-08-04Updated keychain to 2.5.5martti2-6/+6
* lots of bug fixes
2005-08-03Add patch to address msfweb "refang" security updateadrianp3-9/+34
Bump to nb2 make pkglint happy
2005-08-02Sync COMMENT with other perl comments.wiz1-2/+2
2005-08-02Replace references of pkgsrc/mk/bsd.pkg.defaults.mk toreed2-3/+3
pkgsrc/mk/defaults/mk.conf. This is from PR 30741 from anonymous AT example.net.
2005-08-01Use tar, gtar is not really necessary.wiz1-3/+2