path: root/security
Age | Commit message | Author | Files | Lines
2004-12-18 | add a comment regarding the -rpath filter | jdolecek | 1 | -1/+3
2004-12-17 | Update to 0.9.6mnb2: Don't install (deprecated) der_chop example | wiz | 4 | -8/+16
script, since it has insecure temp file handling.
2004-12-17 | Add work around to fix bulk build problem on Solaris; | taca | 1 | -1/+2
one Makefile.in lacks newline in the last line.
2004-12-15 | Convert to set USE_OLD_DES_API=yes, and remove unnecessary patches to | jlam | 5 | -372/+4
teach fressh how to use either DES API. Bump PKGREVISION since on NetBSD>=2.0, fressh gains a library dependency on -ldes.
2004-12-14 | Add build dependency on pkgconfig. | minskim | 1 | -1/+2
2004-12-14 | Sort buildlink3 files. | minskim | 1 | -3/+3
2004-12-14 | Change the way that openssl/builtin.mk handles the USE_OLD_DES_API flag. | jlam | 4 | -81/+57
The idea is to prevent needing to patch source files for packages that use OpenSSL for DES support by ensuring that including <openssl/des.h> will always present the old DES API.
(1) If des_old.h exists, then we're using OpenSSL>=0.9.7, and <openssl/des.h> already does the right thing.
(2) If des_old.h doesn't exist, then one of two things is happening:
    (a) If <openssl/des.h> is old and (only) supports the old DES API, then <openssl/des.h> does the right thing.
    (b) If it's NetBSD's Special(TM) one that stripped out the old DES support into a separate library and header (-ldes, <des.h>), then we create a new header <openssl/des.h> that includes the system one and <des.h>.
Also modify existing packages that set USE_OLD_DES_API to simply include <openssl/des.h> instead of either <des.h> or <openssl/des_old.h> (This step is mostly just removing unnecessary patches).
This should fix building packages that use OpenSSL's old DES API support on non-NetBSD systems where the built-in OpenSSL is at least 0.9.7.
2004-12-12 | Add (unsigned char) cast to ctype functions; taken from the NetBSD trunk. | kleink | 6 | -1/+117
2004-12-11 | Create directories before putting files in them. This should fix | jlam | 1 | -1/+2
PR pkg/28480.
2004-12-11 | Provide an SSLKEYS variable that points to the location where OpenSSL | jlam | 1 | -2/+6
private keys are likely to be installed. Patch directly from PR pkg/28477 by Jason Thorpe.
2004-12-07 | Remove as maintainer of this package because I've not used for quite | tron | 1 | -2/+2
some time.
2004-12-07 | Fix libtool calls to include --mode. | wiz | 2 | -15/+15
2004-12-07 | Fix previous (incomplete) ALL_TARGET -> BUILD_TARGET change. | wiz | 1 | -5/+8
While here, fix libtool calls in Makefile to use --mode.
2004-12-07 | Fix building problems on some machines, PR#28562 | adam | 2 | -1/+15
2004-12-05 | Update p5-Digest-SHA from version 5.27 to 5.28. | he | 2 | -5/+5
Change log:
5.28 Wed Nov 10 15:33:20 MST 2004
- provided more flexible formatting of SHA state files -- entries may now contain embedded whitespace for improved readability
- minor code cleanups
2004-12-05 | Update p5-Digest-MD4 from version 1.3 to 1.5. | he | 2 | -5/+5
Change log:
*** 2004/09/13 Version 1.4
Fixed Makefile problems on some versions of perl 5.8.0
*** 2004/11/17 Version 1.5
ActivePerl version adds hexhash() for compatibility
Contributed by Gisle Aas
2004-12-05 | Update p5-Digest from version 1.08 to 1.10. | he | 2 | -5/+5
Change log:
2004-11-08 Gisle Aas <gisle@ActiveState.com>
Release 1.10
Added Digest::file module which provides convenience functions that calculate digests of files.
2004-11-05 Gisle Aas <gisle@ActiveState.com>
Release 1.09
Fix trivial documentation typo.
2004-12-05 | Update to 4.1.1. Drop maintainership (I don't remember why I added this one, | jmmv | 3 | -11/+16
and no package is using it ATM).
4.1.1:
- Fixed shared library version info.
4.1.0:
- Added SHA-384 and SHA-512 algorithms.
- Added HMAC-SHA-384 and HMAC-SHA-512 algorithms.
- Added generic SSE2 optimization for the above algorithms.
- Added more digest algorithms for PKCS#1 EMSA.
- Optimized swap32 and swap64 routines on Linux.
- Fixed missing definition in mpopt.h for s390x.
- Fixed nostackexec configuration bug.
- Fixed problem in Date::toString.
- Fixed deadlock problem which occurred in certain cases where security or crypto SPI constructor called getInstance for another security or crypto SPI.
- Fixed a bug in the generic CBC encryption code; when called with nblocks == 1, the feedback was set incorrectly.
- Fixed a bug in mpbsubmod; sometimes it takes multiple additions of the modulus to get a positive number.
- Fixed PowerPC 64-bit configuration problem on Linux.
4.0.0:
- Added a C++ API interface, modeled after Java's security & crypto API.
- Added the new GNU noexecstack feature.
- Added more x86_64 and s390x assembler routines.
- Modified i2osp, so that it only requires as many octets as there are significant bytes in the multi-precision integers.
- Fixed a bug in the creation of rsa keypairs; code was not correctly migrated to new calling sequence. The code now implements the method described in IEEE P.1363.
- Fixed another bug in mpextgcd_w which sometimes returned incorrect results.
- Fixed a bug in mprshiftlsz, which didn't work correctly when size = 1.
- Fixed a configuration problem on Tru64 Unix.
3.1.0:
- Added wiping of private key components of keypairs before freeing.
- Fixed bug in mpextgcd_w which sometimes returned incorrect result.
- Fixed error in PowerPC 64-bit assembler symbol definitions.
2004-12-05 | Follow template builtin.mk file in bsd.builtin.mk. | jlam | 1 | -11/+20
2004-12-04 | Switch to use RUBY_DLEXT as suffix of extension library. | taca | 4 | -12/+12
2004-12-04 | Changes up to 20041204: | peter | 2 | -5/+5
* improved cleanup routines to make sure that no memory is leaking.
* applied patch to pf.c from OPENBSD_3_6 branch: fix a bug that leads to a crash when binat rules of the form 'binat from ... to ... -> (if)' are used, where the interface is dynamic.
* added (unsigned char) casts to ctype functions.
* added experimental patch for ALTQ support.
* applied patch to pfctl_parser.c from OPENBSD_3_6 branch: do not assume entries in pf_timeouts[] are ordered like PFTM_* in pfvar.h
* applied patch to pf.c from OPENBSD_3_6 branch: The flag to re-filter pf-generated packets was set wrong by synproxy for ACKs. It should filter the ACK replayed to the server, instead of the one to the client.
* applied patch to pf.c from OPENBSD_3_6 branch: For RST generated due to state mismatch during handshake, don't set th_flags TH_ACK and leave th_ack 0, just like the RST generated by the stack in this case. Fixes the Raptor workaround.
* applied patch to pf_lkm.c from NetBSD HEAD: pfil4_wrapper, pfil6_wrapper: ensure that mbufs are writable beforehand as pf assumes it.
* applied patch to pf.c from OPENBSD_3_6 branch: reset anchor pointer to NULL when stepping back into the main ruleset, fixes pflog attributing states wrongly to anchors and pfctl -vvsn/sr showing wrong state counters for anchor rules.
2004-12-04 | Too many (un)signed char problems on -current: turn off -Werror. | wiz | 1 | -1/+3
2004-12-04 | Set USE_OLD_DES_API and replace custom changes to work with NetBSD-2.0's | jlam | 4 | -148/+55
OpenSSL, with patches to use <openssl/des_old.h>.
2004-12-03 | Attempt to deal with the differing DES APIs between OpenSSL 0.9.6 (in | jlam | 1 | -1/+56
pkgsrc and in NetBSD-1.6.x) and OpenSSL 0.9.7 (in NetBSD-2.0), by creating a new yes/no variable USE_OLD_DES_API that flags whether the package wants to use the old DES API. If USE_OLD_DES_API is "yes", then:
* For OpenSSL 0.9.6, symlink ${BUILDLINK_DIR}/include/openssl/des_old.h to ${SSLBASE}/include/openssl/des.h.
* For NetBSD 2.0's "special" installation of OpenSSL 0.9.7, symlink ${BUILDLINK_DIR}/include/openssl/des_old.h to /usr/include/des.h, and transform "-lcrypto" into "-ldes -lcrypto". This makes it behave like stock OpenSSL 0.9.7 where the old DES functions are part of libcrypto.
Software that wants to use the old DES API should be taught to do it in a way that works with a stock installation of OpenSSL 0.9.7 -- by including <openssl/des_old.h> and linking against "-lcrypto". Software that wants to use the new DES API should simply depend on openssl>=0.9.7.
This change has no impact on existing packages as the new code is active only when USE_OLD_DES_API == "yes".
2004-12-03 | Deleting patch-ab because it's included in release 1.9.13. | shannonjr | 1 | -20/+0
2004-12-03 | Update to release 1.9.13. | shannonjr | 2 | -6/+5
This is mainly a maintenance release to support new options in dirmngr (to be released soon):
* [gpgsm] New option --prefer-system-dirmngr.
* Minor cleanups and debugging aids.
2004-12-03 | Update to release 0.9.10. This is a bugfix release. | shannonjr | 2 | -5/+5
2004-12-03 | reorder: commands are specified using WRAPPER_REORDER_CMDS, not | jlam | 1 | -2/+2
BUILDLINK_TRANSFORM.
2004-12-03 | Rename ALL_TARGET to BUILD_TARGET for consistency with other *_TARGETs. | wiz | 25 | -62/+62
Suggested by Roland Illig, ok'd by various.
2004-12-03 | Fix typo, reported by imil on tech-pkg. | wiz | 1 | -2/+2
2004-12-02 | bump version # in binary | itojun | 1 | -3/+3
2004-12-02 | upgrade to 20040818a. stability fixes | itojun | 2 | -6/+5
2004-12-01 | Update to 0.10, prompted by César Catrián C. on tech-pkg: | wiz | 3 | -9/+21
Version 0.10
* Fixed bugs
* Moved project over to sourceforge.net
* Change of project ownership
2004-12-01 | Fix compilation error on LP64 due to a prototype mismatch. (Arg changed | tv | 2 | -1/+15
from time_t to long, but prototype wasn't updated to match.)
2004-12-01 | "the the" -> "the" | wiz | 1 | -1/+1
2004-12-01 | Remove part of the builtin version detection that doesn't work properly. | peter | 1 | -19/+3
It can't be fixed easily because the pflkm package uses different versioning (dates instead of 3.5, 3.6, etc). So just disable it for now until I've found a better way to handle this. Approved by wiz.
2004-11-30 | Correct the location of the config files in the man page. | jlam | 1 | -3/+7
2004-11-30 | - Honor PKG_SYSCONFDIR. | taca | 9 | -39/+137
- move store directory to under PKG_SYSCONFDIR.
- add missing fix to top level configure.
2004-11-30 | Update to 1.6.8pl5. | xtraeme | 2 | -6/+6
Changes:
o Added a configure check for systems with a 2-argument version of timespecsub (like BSD/OS).
o Added stub struct definitions to sudo.h to quiet compiler warnings on some systems.
o In sudoers Defaults lines, tuples like "lecture" may now be used without a value, restoring their old boolean-like nature.
o Invalid values for a tuple are now handled correctly.
2004-11-29 | Update AiCA package to 0.81. | taca | 10 | -20/+161
- Changes are unknown.
- License restriction is removed now.
- Try to keep configuration to ${PREFIX}/etc/AiCA.
2004-11-29 | Update from release 0.6.8 - a bug fix update. | shannonjr | 2 | -5/+5
2004-11-29 | Include bsd.prefs.mk before adding to CFLAGS, just in case. | tv | 1 | -1/+3
2004-11-29 | Update to 1.13. Among other things, the hash format has changed since the | tv | 3 | -7/+21
0.xx releases. Full changelog:

hashcash-1.13 - 16-Oct-2004 - Adam Back <adam@cypherspace.org>
* fix bug where grace period not applied to double-spend db. I think this could allow people to double-spend in the time period after the resulting premature purging and before expiry (which is the grace period)
* add new feature where -e <period> can be used with -p to override the expiry given at spend time (that is stored in the double-spend db). Inspired by question from Atom Smasher <atom@suspicious.org>.
* clean up some memory leaks
* add hashcash_free function (DLL scenario caller can't rely on having same deallocator to call as library compiled with)
* lots more function documentation in hashcash.h for library/DLL users, renamed all exported library functions to start with hashcash_ prefix.
* added hashcash_version function.
* added callback function to allow user quit (returns HASHCASH_USER_ABORT) and to give progress feedback.
* added option -P which uses the callback to show progress.
* added -O core option to allow user selection of core.
* added small parameter to hashcash (to request small stamps rather than slightly larger fast to generate stamps), and -Z option to turn this on. (In fact it is not implemented yet but want to avoid changing library interface later).

hashcash-1.12 - 03-Oct-2004 - Adam Back <adam@cypherspace.org>
* make a HASHCASH.DLL on windows using MINGW.

hashcash-1.11 - 02-Oct-2004 - Adam Back <adam@cypherspace.org>
* _really_ fix trailing ascii(32) (spaces). I have no idea how I decided the 1.10 code fixed it. Must have messed up the test I was using to check it worked.

hashcash-1.10 - 01-Oct-2004 - Adam Back <adam@cypherspace.org>
* remove trailing ascii(32) (spaces) which padding somehow leaves

hashcash-1.09 - 17-Sep-2004 - Adam Back <adam@cypherspace.org>
* fix missing space between resource name and width with -cv reported by Panta Admin.
* apply cumulative patch of 3 patches from Jonathan Morton.

hashcash-1.08 - 12-Sep-2004 - Adam Back <adam@cypherspace.org>
* fix bug reported by Panta Admin <admin@panta-rhei.dyndns.org> must have introduced in recent version where with pipe prints stamp twice.
* attempt to work around MINGW problem with signals -- somehow it is changing its mind about whether the MMX core can run from the first call to the 2nd call. But the test result is cached so it is hard to see how this happens. Not clear if this work-around will work as don't have a 486 to test on. (Work around is make single gIsMMXpresent shared between the two mmx cores, should at least result in signal call being used fewer times (max 1 time). Also pass 1 to longjmp.)
* give up entirely on conditional make. One Makefile, no funky stuff. Prints info about what you need to do to compile on your platform and goes ahead and compiles with generic anyway. Make new gnu (generic) target for gcc, and normal generic with no gcc specific flags.

hashcash-1.07 - 11-Sep-2004 - Adam Back <adam@cypherspace.org>
* patch from J H Wilson <jhw@ieee.org> to initialize a bunch of variables (actually I had to back some of these out to get to compile on non gnu compilers -- some of those structure initializations are gnu extensions I think.)
* also J H Wilson one of patch changes was to avoid mmx assembler code clobbering ebx register which is needed for fPIC support.
* better randomness on windows using the CAPI rng CryptGenRandom. Still compiles using MINGW ... whee!
* made a separate GNUmakefile for gnu make (it takes that one first over Makefile) and a Makefile which is the same but no ifdef stuff which confuses some other makes, and no gnu specific compile options (for x86 anyway).
* add gettimeofday timer into entropy to improve randomness on systems which do not have /dev/urandom, and are not windows

hashcash-1.06 - 10-Sep-2004 - Adam Back <adam@cypherspace.org>
* patch from Justin Guyett <justin@soze.net> to fix unsigned error which would have made libfastmint do something odd if no minter worked.
* Makefile changes to compile under MINGW (gnu for windows portability layer which produces win32 exes). new target mingw-exe
* #ifdefs to avoid locking on MINGW (seems no lock support!)
* #ifdefs to use longjmp instead of siglongjmp, signal instead of sigaction on MINGW
* #ifdef to use chsize instead of ftruncate on MINGW

hashcash-1.05 - 08-Sep-2004 - Adam Back <adam@cypherspace.org>
* and another issue (last I promise!) with case comparison. 1.04 change was good; however flaw in 1.02 means 1.04 minted stamps (resource not canonicalized to lowercase) can falsely fail to verify with 1.02 - 1.00 as those versions presume canonicalized stamp. So we go back to making -C have effect on minting also. With no -C canonicalize to lowercase, with -C use resource as-is.
* get rid of -W flag reserved for posix, use -M in its place.

hashcash-1.04 - 07-Sep-2004 - Adam Back <adam@cypherspace.org>
* fixed issue with case comparisons -- presumed resources were in lower case at minting -- better to just ignore case during comparison. Then will accept stamps containing upper case or mixed-case resource names.
* integrate fastmint_benchtest as -sv option to hashcash.
* introduce COPT as well as CFLAGS as optimization subset of flags passed with CFLAGS to nested make -- suits RPM

hashcash-1.03 - 07-Sep-2004 - Adam Back <adam@cypherspace.org>
* remove TARGET_ARCH again, let's keep things simple. Just use CFLAGS period.
* figured out what GENTOO ebuild is doing, changed ebuild file
* remove recursion from hashcash_fastmint
* start using TARGET_ARCH in Makefile, hope it's portable; it's an attempt to be more GENTOO ebuild friendly
* Makefile change: when PACKAGE is defined build default target, otherwise echo the target info as before
* removed a bunch of old code replaced by fastmint, got rid of CHROMATIX define
* fix following errors reported by Atom Smasher <atom@suspicious.org>
* fix width measuring bug with v0 stamps
* fix resource read from stdin bug
* use GNU getopt source always -- getopt on BSD behaves differently (the getopt source is smart -- it comments itself out on machines with GNU_LIBRARY so using it always is not a problem)
* bug: should send the time estimate to stderr, and the stamp to stdout
* -z width flag not properly error checked to enforce UTCTIME restrictions (only valid widths 6, 10 or 12 digits)
* update LICENSE to note you end up with some GNU GPL taint from getopt on systems without POSIX getopt which probably forces you to use GPL as I link against it. Unless someone wants to re-write the getopt or can point me at a public domain replacement. In particular this includes BSD and MACH (OSX) and as before windows.
* apply patch from Jonathan Morton <chromi@chromatix.demon.co.uk> with following fixes:
* fix bug in mmx assembler code exposed by integration
* add generic target in Makefile
* increase benchmark work factor to improve accuracy of results (as not used at run-time)
* new hashcash_quickbench()
* changes to hashcash_quickbench() to give faster timing on linux x86 which has low resolution clock() (1/100th sec vs 1usec on OSX). (It was taking ~ 0.6sec on linux x86, code takes 0.1 sec now which is less noticeable)
* related to above studiously avoided calling hc_per_sec() which invokes hashcash_quickbench() -- seems a shame to burn 1/10th sec in default mint creation path if user typically doesn't care about the info about how long it took. Now you have to give -s or -v to get speed info when minting.
* fix case sensitivity bug reported by Atom Smasher <atom@suspicious.org>
* add CPL option back to LICENSE file
* add make targets for different processors
* remove 2nd call of hashcash_benchtest (supposed to call hc_per_second which caches not hashcash_per_second)
* enable static selection of fastmint cores, disable run time benchtest
* applied fastmint fix patch from Jonathan Morton <chromi@chromatix.demon.co.uk> and re-enabled fastmint (remove -DCHROMATIX in Makefile to disable)

hashcash-1.02 - 11-Aug-2004 - Adam Back <adam@cypherspace.org>
* minor documentation stuff (put back ref to sha1-hashcash in hashcash.pod manpage)
* add back requests to LICENSE file

hashcash-1.01 - 08-Aug-2004 - Adam Back <adam@cypherspace.org>
* fold in patches from by Hubert Chan <hubert@uhoreg.ca> and Justin Guyett <justin@soze.net> to clean up some stuff and fix minor bugs.
* another couple of minor bug fixes.

hashcash-1.00 - 07-Aug-2004 - Adam Back <adam@cypherspace.org>
* increment version number, 1.x to reflect move to version 1 stamp format
* explicit bits field in token (helps people who want to prevalidate header and parse, and who want to know what the intended bits were vs how lucky the sender got); new stamp size definition is min( counted_bits, explicit bits field )
* no : in resource field to make easier to parse eg with cut, awk etc
* new extension field
* reclaimed -x to use for passing eXtension data (old -x no longer available, use -X, which has string fixed to X-Hashcash)
* put /dev/urandom macro for MAC from Jonathan Morton <chromi@chromatix.demon.co.uk> so we use /dev/urandom on MAC
* copy in and adjust Makefile for Jonathan Morton's optimized minter (need to integrate)
* copy in Jonathan Morton's COMPACT option (method B vs method A from fips-180-1, uses less registers) for libsha1.c
* copy in next rev of minter breaks 4megahashes/sec barrier on 3.06Ghz P4 -- disabled at present until some stuff gets fixed and we figure out rpm/deb package portability
* added back v0 read support (but still only generates v1)
* pr5: first attempt at integrating libfastmint (some bug in my integration code, broken so far)
* (pr6: libfastmint integ still not working)
* pr6: made X-Hashcash header acceptance case insensitive
* pr7: also reject tokens with count_bits < claimed_bits (as previous logic of setting bits = min( count_bits, claimed_bits) necessary to avoid people getting lucky
* use clock() instead of wall time
* expand max stamp size out to cope with 10KB extension fields
* update man page and usage with v1 stuff
* and release as 1.00 ready for Hubert Chan <hubert@uhoreg.ca> to package for the imminent debian release

hashcash-0.33 - 13-Apr-2004 - Adam Back <adam@cypherspace.org>
* allow wild card without @ sign if there is no @ sign in pattern
2004-11-28 | adam at monkeybyte dot org's mail setup is broken, revert to tech-pkg. | wiz | 1 | -2/+2
2004-11-28 | Update to 2.2.0. | wiz | 4 | -40/+38
New in 2.2.0: MIME traversal now includes MIME container parts (e.g. multipart/*, message/*), making them visible to banned rules. This version preserves original zip archives for virus scanners if the archive contains any zero-length members. New short types 'dll' and 'empty' makes blocking recent viruses more flexible, including their unsuccessful propagation attempts. It recognizes standard Unix archives and unpacks Debian binary packages. The LDAP modules were rewritten. The handling of double errors was improved. This version supports mail size limits and Mail::ClamAV 0.12. A new AV entry 'check-jpeg' can test JPEG images for validity.

New in 2.1.2: This release fixes (hard) blacklisting and whitelisting on static lookup tables, which was failing to match any sender. The 'neutral' sender notification, which was joining the Subject and the Message-ID header fields in some situations, has been fixed. The signal and error handling in code sections holding BDB locks is now more thorough. A new %e macro is provided that evaluates to a best guess of the originator IP address collected from the Received trace.

New in 2.1.1: The default use of $banned_filename_re, which was lost in 2.1.0, was added back. A fix was made for inappropriate log entry in SQL whitelisting, complaining about unexpected wb field value. Missing import of &ca was added to the amavisd-new-courier.patch. A default directory is now provided with delivery method "bsmtp", if not specified. The Mail::SpamAssassin::Plugin::Hashcash module is pre-loaded with SA 3.0.0, and Mail::SpamAssassin::SpamCopURI with URI::* is loaded for older SA versions. Small enhancements were made to amavisd-nanny.

New in 2.1.0: The use of BerkeleyDB is now optional. The configuration files were cleaned up, and a small new amavisd-nanny utility that shows the status of all child processes and checks for vanished or stale processes was included. Two important bugfixes were made in the ACL and SQL lookup code along with numerous other fixes and small improvements. Users of 2.0 should upgrade to this release.
2004-11-28 | Remove pre-buildlink and post-buildlink as part of getting pkgsrc ready | jlam | 1 | -2/+2
for pkgsrc-2004Q4. The "buildlink" phase was removed for the last branch, and this is the final cleanup. "post-buildlink" is now "post-wrapper".
2004-11-28 | update to gnutls-1.0.23 | recht | 3 | -10/+10
Noteworthy changes since the last release:
- Replace GNU LD version script with Libtool -export-symbols-regex, from Joe Orton <joe at manyfish.co.uk>.
- Copy libtasn1 has been updated to version 0.2.11.
- Corrected the write of CRL distribution points.
- It is now possible to generate PKCS#12 structures without private keys using "certtool --to-p12", suggested by Fabian Fagerholm <fabbe at paniq.net>.
2004-11-28 | Updated keychain to 2.4.3 | martti | 2 | -6/+6
* Bug fixes
2004-11-28 | Remove ruby-acl. | taca | 5 | -70/+1
- Ruby 1.8.1 bundled this extension library.
- Use ruby-drb package for ruby16 since it contains this library.
2004-11-28 | Migrate ruby-tcpwrap to use new framework for Ruby packages. | taca | 2 | -26/+11