| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
ipsec-tools: update package for cve
revisions pulled up:
pkgsrc/security/ipsec-tools/Makefile 1.28
pkgsrc/security/ipsec-tools/distinfo 1.15
Module Name: pkgsrc
Committed By: manu
Date: Sat Aug 16 06:55:18 UTC 2008
Modified Files:
pkgsrc/doc: CHANGES-2008
pkgsrc/security/ipsec-tools: Makefile distinfo
Log Message:
Update to ipsec-tools 0.7.1, fixes CVE-2008-3652
Changes since the 0.6 branch:
0.7.1 - 23 July 2008
o Fixes a memory leak when invalid proposal received
o Some fixes in DPD
o do not set default gss id if xauth is used
o fixed hybrid enabled builds
o fixed compilation on FreeBSD8
o cleanup in network port value manipulation
o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
purge_ipsec_sp
i()
o Generates a log if cert validation has been disabled by
configuration
o better handling for pfkey socket read errors
o Fixes in yacc / bison stuff
o new plog() macro (reduced CPU usage when logging is disabled)
o Try to works better with huge SPD/SAD
o Corrected modecfg option syntax
o Many other various fixes...
0.7 - 09 August 2007
o Xauth with pre-shared key PSK
o Xauth with certificates
o SHA2 support
o pkcs7 support
o system accounting (utmp)
o Darwin support
o configuration can be reloaded
o Support for UNIQUE generated policies
o Support for semi anonymous sainfos
o Support for ph1id to remoteid matching
o Plain RSA authentication
o Native LDAP support for Xauth and modecfg
o Group membership checks for Xauth and sainfo selection
o Camellia cipher support
o IKE Fragment force option
o Modecfg SplitNet attribute support
o Modecfg SplitDNS attribute support ( server side )
o Modecfg Default Domain attribute support
o Modecfg DNS/WINS server multiple attribute support
|
|
gnutls: update package for fixes
revisions pulled up:
pkgsrc/security/gnutls/Makefile 1.71
pkgsrc/security/gnutls/PLIST 1.32
pkgsrc/security/gnutls/distinfo 1.45
pkgsrc/security/gnutls/patches/patch-ad r0
Module Name: pkgsrc
Committed By: kefren
Date: Wed Jul 30 17:17:21 UTC 2008
Modified Files:
pkgsrc/security/gnutls: Makefile PLIST distinfo
Removed Files:
pkgsrc/security/gnutls/patches: patch-ad
Log Message:
update to gnutls-2.4.1
Changes:
** libgnutls: Fix local crash in gnutls_handshake. [GNUTLS-SA-2008-2]
** libgnutls: Fix memory leaks when doing a re-handshake.
** Fix compiler warnings.
** Fix ordering of -I's to avoid opencdk.h conflict with system headers.
** srptool: Fix a problem where --verify check does not succeed.
|
|
openssh: patch for X11 forwarding issue on HP-UX
revisions pulled up:
pkgsrc/security/openssh/Makefile 1.189
pkgsrc/security/openssh/distinfo 1.70
pkgsrc/security/openssh/patches/patch-at 1.7
Module Name: pkgsrc
Committed By: tnn
Date: Thu Jul 24 16:25:47 UTC 2008
Modified Files:
pkgsrc/security/openssh: Makefile distinfo
Added Files:
pkgsrc/security/openssh/patches: patch-at
Log Message:
Add patch from OpenSSH 5.1 that fixes an X11 fwd security issue on
HP-UX. Bump PKGREVISION.
|
|
While here, move the sharedstatedir to VARBASE where it belongs.
Bump PKGREVISION.
|
|
Patch provided by Hasso Tepper in PR 38878.
|
|
660) The -i flag should imply resetting the environment, as it did in
sudo version prior to 1.6.9. Also, the -i and -E flags are
mutually exclusive.
661) Fixed the configure test for dirfd() under Linux.
662) Fixed test for whether -lintl is required to link.
663) Changed how sudo handles the child process when sending mail.
This fixes a problem on Linux with the mail_always option.
664) Fixed a problem with line continuation characters inside of
quoted strings.
|
|
|
|
Approved by agc.
|
|
|
|
|
|
|
|
Get MD5 sums for files of a given path or content of a given url.
|
|
|
|
Bump PKGREVISION.
|
|
with the number of colons between the fields.
|
|
|
|
|
|
|
|
Applied Hasso Tepper recommended fix. Thank you.
|
|
MITKRB5-SA-2008-002. Bump PKGREVISION now finally.
|
|
will be bumped again once some other patches are in.
|
|
supported yet. Don't bump revision as the package didn't build before.
|
|
- telnetd username and environment sanitizing vulnerabilities ("-f root")
as described in MIT Kerberos advisory 2007-001.
- krb5_klog_syslog() problems with overly long log strings as described
in MIT Kerberos advisory 2007-002.
- GSS API kg_unseal_v1() double free vulnerability as described in the
MIT Kerberos advisory 2007-003.
|
|
- Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake
which could lead to a silent crash.
- Fix double free in TLS server name extensions which could lead to a remote
crash.
Patches from upstream.
|
|
Noticed by Hasso Tepper in PR 38822.
Bump PKGREVISION.
|
|
|
|
last commit.
|
|
getpeereid() .
|
|
changes:
-Fix importing keys from hkp keyservers
-build fixes
|
|
changes:
-minor UI improvements
-bugfixes
-portability improvements, in particular for credential passing on
local sockets -- unfortunately a bit of the patch I submitted upstream
got lost
|
|
|
|
|
|
4.24: fix security problem (properly reject revoked certs)
4.23: WinNT bugfix
4.22:
- A new global option to control logging to syslog.
Simultaneous logging to a file and the syslog is now possible.
- A new service level option to control stack size.
- Restored chroot() to be executed after decoding numerical
userid and groupid values in drop_privileges().
- A few bugs fixed the in the new libwrap support code.
- TLSv1 method used by default in FIPS mode instead of
SSLv3 client and SSLv23 server methods.
4.21:
- Initial FIPS 140-2 support (see INSTALL.FIPS for details).
- Experimental fast support for non-MT-safe libwrap is provided
with pre-spawned processes.
- Stunnel binary moved from /usr/local/sbin to /usr/local/bin
in order to meet FHS and LSB requirements.
- Added code to disallow compiling stunnel with pthreads when
OpenSSL is compiled without threads support.
- Minor manual update.
- TODO file updated.
- Dynamic locking callbacks added (needed by some engines to work).
- AC_ARG_ENABLE fixed in configure.am to accept yes/no arguments.
- On some systems libwrap requires yp_get_default_domain from libnsl,
additional checking for libnsl was added to the ./configure script.
- Sending a list of trusted CAs for the client to choose the right
certificate restored.
- Some compatibility issues with NTLM authentication fixed.
|
|
|
|
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
|
|
Addresses PR 38744.
|
|
patches to add it). Drop pax from the default USE_TOOLS list.
Make bsdtar the default for those places that wanted gtar to extract
long links etc, as bsdtar can be built of the tree.
|
|
And also require opencdk>=0.6.5.
|
|
security/p5-String-Random. Merge changes from the textproc one into
the security one.
|
|
* Version 2.2.5 (released 2008-05-19)
Fix flaw in fix for GNUTLS-SA-2008-1-3.
* Version 2.2.4 (released 2008-05-19)
Fix three security vulnerabilities. [GNUTLS-SA-2008-1]
[GNUTLS-SA-2008-1-1]
libgnutls: Fix crash when sending invalid server name.
[GNUTLS-SA-2008-1-2]
libgnutls: Fix crash when sending repeated client hellos.
[GNUTLS-SA-2008-1-3]
libgnutls: Fix crash in cipher padding decoding for invalid record lengths.
* Version 2.2.3 (released 2008-05-06)
Increase default handshake packet size limit to 48kb.
Fix compilation error related to __FUNCTION__ on some systems.
Documented the --priority option to gnutls-cli and gnutls-serv.
Fix fopen file descriptor leak in PSK server code.
Build Guile code with -fgnu89-inline only when supported.
Make Camellia encryption work.
|
|
Based on patch provided by Eric Schnoebelen in PR 38692.
While here, marked as DESTDIR support.
Also fix CONFIGURE option for GSSAPI implement (I don't know from when).
* Version 0.2.26 (released 2008-05-05)
** Translations files not stored directly in git to avoid merge conflicts.
This allows us to avoid use of --no-location which makes the
translation teams happier.
** Build fixes for the documentation.
** Update gnulib files.
* Version 0.2.25 (released 2008-03-10)
** gsasl: Fix buffering issue to avoid mixing stdout/stderr outputs.
This would manifest itself when redirecting output to a pipe, such as
when used with Gnus. Reported by Enrico Scholz
<enrico.scholz@informatik.tu-chemnitz.de>, see
<http://thread.gmane.org/gmane.comp.gnu.gsasl.general/123>.
** Fix non-portable use of brace expansion in makefiles.
* Version 0.2.24 (released 2008-01-15)
** Link self-tests with gnulib, to fix link failures under MinGW.
* Version 0.2.23 (released 2008-01-15)
** Improve CRAM-MD5 self-test to detect if challenges are the same.
** Improve gsasl --help and --version to conform with GNU standards.
** Use gettext 0.17.
** Update gnulib files.
* Version 0.2.22 (released 2007-10-08)
** Development git tree moved to savannah.
See <https://savannah.gnu.org/projects/gsasl/>.
** Fix warnings when building the tool 'gsasl'.
** Update gnulib files.
|
|
tech-pkg at jp.NetBSD.org => tech-pkg-ja at jp.NetBSD.org
|
|
changes:
-direct-tcpip support
-bug fixes
pkgsrc change: disable use of Python setuptools
(gives unpredictable results)
|
|
|
|
so make it only end up in the PLIST if that is the case.
|
|
Major changes since Sudo 1.6.9p15:
o There was missing whitespace before the ldap libraries in the Makefile
for some configurations.
o LDAPS_PORT may not be defined on older Solaris LDAP SDKs.
o If the LDAP server could not be contacted and the user was not present
in sudoers, a syntax error in sudoers was incorrectly reported.
|
|
|
|
Stegtunnel provides a covert channel in the IPID and sequence number
fields of any desired TCP connection. It requires the server and
client to have a previously shared secret in common to detect and
decrypt the data.
|
|
|
|
|
