summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Collapse)AuthorFilesLines
2001-08-06update. fix compilation on alpha.itojun2-6/+6
2001-08-06Update rats to 1.1jun3-7/+10
New in version 1.1: Ability to scan Perl programs for vulnerabilites. Ability to scan Python programs for vulnerabilities.
2001-08-02Mark as USE_BUILDLINK_ONLY.jlam1-1/+2
2001-08-02embed pkg version into binary to help diagnosis.itojun1-1/+2
2001-08-02say goodbye to security/ssh6. per comments on packages@netbsd.itojun53-11418/+1
2001-08-02The telnetd in kth-krb4-1.0.1 seems to be vulnerable to the buffer overflowwennmach12-157/+149
attack described in SA2001-12 (noted by T. M. Pederson <salvage@plethora.net> in PR pkg/13610). Instead of applying the patch submitted by T. M. Pederson, we upgrade kth-krb4 to 1.0.9 where the vulnerability has been fixed. The upgrade to 1.0.9 was provided by Assar Westerlund <assar@netbsd.org> and slightly modified by myself. Also included is diff file for /etc/services for NetBSD-1.5 (and 1.5.1) also submitted by T. M. Pederson <salvage@plethora.net> in PR 12540. Note: files/services.diff resurfaces as files/services-1.4.2.diff. Closes PR 13610 and PR 12540.
2001-08-02make it at least compile on netbsd151 systems. kernel API diffs should beitojun3-1/+33
wrapped by configure.in scripts, however, we don't use them for libipsec part.
2001-08-02GNORE, as it has security holes left behind, and the patchitojun1-1/+3
is not maintained any more. use openssh.
2001-08-02upgrade to 2001/8/2 KAME tree. whole bunch of stabilization were made.itojun2-5/+5
2001-07-30Apply:jun2-1/+24
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2001-012-telnetd.patch see also ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc
2001-07-28Update to 4150. Old one vanished, new one will probably contain lots morewiz2-5/+5
virus signatures.
2001-07-27Convert to use buildlink.mk files and mark as USE_BUILDLINK_ONLY.jlam1-2/+3
Fixes pkg/13568.
2001-07-27Add dir_DEFAULT setting used by EVAL_PREFIX logic to set the defaultjlam5-5/+10
installation directory in case the package isn't installed.
2001-07-26Use new USE_OPENSSL_VERSION setting to force at least OpenSSL-0.9.6.jlam1-2/+2
2001-07-24Re-add accidentally removed do-build target. -current doesn't need it, butjlam1-1/+5
1.5.x does.
2001-07-23Update to version 3.16.martin3-31/+26
Changes: * Some transfer() bugfixes/improvements. * STDIN/STDOUT are no logner assumed to be non-socket decriptors. * Problem with --with-tcp-wrappers patch fixed. * pop3 and nntp support bug fixed by Martin Germann. * -o option to append log messages to a file added. * Changed error message for SSL error 0. Provided by Martti Kuparinen in PR 13537.
2001-07-22Update ruby-ssl to 0.3.1c.taca2-5/+5
Fri Jul 20 01:26:07 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> * ssl.c (Init_ssl): regardless of scope state, accessors should be public. It is required with 1.6.4 (2001-06-04).
2001-07-20Use "ftp.fu-berlin.de" as first master site because it is about a thousandtron1-2/+3
time faster from Germany and the USA.
2001-07-20Mechanical changes to buildlink.mk files to use EVAL_PREFIX to setjlam2-4/+4
BUILDLINK_PREFIX.<pkgname>. This allows buildlink to find X11BASE packages regardless of whether they were installed before or after xpkgwedge was installed. Idea by Alistair Crooks <agc@pkgsrc.org>.
2001-07-20Mechanical changes to buildlink.mk files to use EVAL_PREFIX to setjlam1-14/+40
BUILDLINK_PREFIX.<pkgname>. This allows buildlink to find X11BASE packages regardless of whether they were installed before or after xpkgwedge was installed. Idea by Alistair Crooks <agc@pkgsrc.org>. Also overhaul code to specify the minimum version of OpenSSL needed by a dependent package. We now set USE_OPENSSL_VERSION to the version number in <openssl/opensslv.h>. Idea also by Alistair Crooks <agc@pkgsrc.org>.
2001-07-20Mechanical changes to buildlink.mk files to use EVAL_PREFIX to setjlam2-4/+4
BUILDLINK_PREFIX.<pkgname>. This allows buildlink to find X11BASE packages regardless of whether they were installed before or after xpkgwedge was installed. Idea by Alistair Crooks <agc@pkgsrc.org>.
2001-07-19Update ruby-ssl to 0.3.1b and utilize USE_OPENSSL_096 for work welltaca3-12/+23
in NetBSD 1.5.1.
2001-07-19We do not need pthreads (as it doesn't work for stunnel), so don't dependmartin1-2/+1
on pth.
2001-07-19Update stunnel to 3.15.martin3-27/+54
Based on a pkg provided by Martti Kuparinen in PR 13484. Changes include: * Serious bug resulting in random transfer() hangs fixed. * Separate file descriptors are used for inetd mode. * -f (foreground) logs are now stamped with time. * New ./configure option: --with-tcp-wrappers by Brian Hatch. * pop3 protocol client support (-n pop3) by Martin Germann. * nntp protocol client support (-n nntp) by Martin Germann. * RFC 2487 (smtp STARTTLS) client mode support. * Transparency support for Tru64 added. * Some #includes for AIX added.
2001-07-18Allow definition of USE_OPENSSL_096 force a minimum dependency ofjlam1-11/+16
openssl>=0.9.6.
2001-07-17Fix patch-ab to not have hardcoded /usr/pkg.nra3-59/+11
2001-07-17Use MESSAGE_SUBST (and its default settings) instead of manually doingwiz2-14/+6
the same.
2001-07-17Enable logcheck.nra1-1/+2
2001-07-17Add logcheck-1.1.1. PR #13271 by Martti Kuparinen.nra8-0/+242
Auditing tool for system logs on Unix boxes. Logcheck helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail. Logcheck is part of the Abacus Project of security tools. It is a program created to help in the processing of UNIX system logfiles generated by the various Abacus Project tools, system daemons, Wietse Venema's TCP Wrapper and Log Daemon packages, and the Firewall Toolkit(c) by Trusted Information Systems Inc.(TIS). Logcheck also works very well at reporting on other common operating system security violations and strange events.
2001-07-16Update ruby-ssl to 0.3.1.taca4-21/+12
Sun Jun 17 23:27:52 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> * make it the release 0.3.0 Sun Jun 17 16:23:19 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> * sample/verify_cb.rb: for SSLSocket#verify_callback= * sample/x509.rb: new sample for X509. * sample/login.rb: new sample for Net::Telnet. Sun Jun 17 16:07:12 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> * lib/net/protocols.rb: split NetPrivate from https.rb. Sun Jun 17 15:03:02 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> * lib/net/https.rb: use forwardable.rb. * lib/net/https: follow SSLSocket. * lib/net/telnets: ditto. Sun Jun 17 13:00:37 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> * ssl.c: use instance variable (rb_ivar_set/rb_ivar_get) instead of the fields in C structure. * ssl.c: new methods SSLSocket#timeout, SSLSocket#ciphers=, SSLSocket#verify_depth=. * ssl.c: new class X509_STORE_CTX. and fix arguments for the Proc#call at verify callback. * ssl.c: new methods X509#sigAlgor, X509#key_type, X509#extension, X509#verify, #X509#to_s * ssl.c: change the sequence of arguments of SSLSocket.new. Sun Jun 17 12:59:50 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> * ChangeLog: new file.
2001-07-15Pass LDFLAGS through to link step so that zebedee gets the right rpathjlam3-29/+22
for systems where the dependent libraries aren't part of the base system. Don't include tcl/buildlink.mk as the libraries aren't required for the build -- only the tclsh binary is required at run-time. Also honor CFLAGS passed in from environment during the build.
2001-07-15Utilize buildlink.mk methodology and make it work on NetBSD 1.5.1.taca3-9/+14
2001-07-13Update my email address.fredb1-2/+2
2001-07-13In package Makefiles, create FILES_SUBST instead of duplicating sedjlam3-12/+40
expression for substituting in DEINSTALL/INSTALL scripts. Use "${CMP} -s" instead of "diff -q" since the former is more portable across OSes.
2001-07-12Let USE_SSL accept latest version of openssl, in current. Patch suppliedfredb1-1/+2
by Martti Kuparinen in PR pk/13447.
2001-07-12Properly handle the case that precompile package doesn't include atron1-3/+4
"ssh_prng_cmds".
2001-07-11Pull in security fix from basesrc by itojun. Commit message was:wiz3-2/+86
fix PRNG weakness. the workaround presented on bugtraq posting. Update to 0.9.6nb1.
2001-07-10Add support for "SPARC_TARGET_ARCH".tron1-3/+9
2001-07-04remove redundant USE_RUBY.taca1-2/+1
2001-07-01Move inclusion of bsd.buildlink.mk to start of file.jlam5-15/+15
2001-07-01Add and enable ruby-acl, ruby-sha1, ruby-ssl and ruby-tcpwrap.taca1-1/+5
2001-07-01Importing ruby-tcpwrap package.taca4-0/+65
ruby-tcpwrap -- TCP wrappers library for Ruby.
2001-07-01Importing ruby-sha1 package.taca5-0/+61
This is a Ruby module for handling SSL sockets, ported from Python.
2001-07-01Importing ruby-sha1 package.taca5-0/+61
ruby-sha1 - A Ruby interface to the SHA-1 Secure Hash Algorithm This is a Ruby extension which implements the SHA-1 Secure Hash Algorithm by NIST (the US' National Institute of Standards and Technology), described in FIPS PUB 180-1.
2001-07-01Importing ruby-acl package.taca4-0/+71
Ruby-acl provides Access Control List checks. list = %w( deny all allow 192.168.1.* allow 127.0.0.1 ) acl = ACL.new(list, ACL::DENY_ALLOW) ... ns = soc.accept unless acl.allow_socket?(ns) # forbidden end
2001-06-30Add ane enable ruby-md5.taca1-1/+2
2001-06-30Importing Ruby extension to MD5 library.taca3-0/+34
This will be part of ruby meta-package.
2001-06-29Add buildlink.mk file for use by other package Makefiles.jlam1-0/+33
2001-06-29USE_CONFIG_WRAPPER is automatically set if USE_BUILDLINK_ONLY is defined,jlam1-2/+1
so remove it from package Makefiles. Also move the inclusion of the buildlink.mk files to the end of the Makefile to just before bsd.pkg.mk to ensure that any Makefile settings occur before the buildlink.mk files.
2001-06-28make sure to link against local libipsec.a.itojun3-8/+18
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-10 16:26:28 +0000